
19 matches found

Wired Threat Level
added 2025/07/31 4:00 p.m., 7 views

The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers...

7.3 AI score
Exploits: 0
The Hacker News
added 2024/05/15 12:29 p.m., 15 views

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned...

7.8 AI score
Exploits: 0
The Hacker News
added 2023/10/16 1:55 p.m., 39 views

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discover...

7.8 CVSS, 8 AI score, 0.97798 EPSS
Exploits: 49
The Hacker News
added 2023/05/10 8:44 a.m., 2 views

U.S. Government Neutralizes Russia's Most Sophisticated Snake Cyber Espionage Tool

The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia's Federal Security Service (FSB). Snake, dubbed the "most sophisticated cyber espionage tool," is the handiwork of a Russian...

7 AI score
Exploits: 0
The Hacker News
added 2023/04/24 2:00 p.m., 28 views

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...

7.2 AI score
Exploits: 0
hivepro
added 2023/01/09 1:02 p.m., 89 views

Turla APT used ANDROMEDA malware to infiltrate a variety of industries

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware, spread through infected USB...

1.9 AI score
Exploits: 0
The Hacker News
added 2023/01/08 6:15 a.m., 3 views

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster...

6.9 AI score
Exploits: 0
Packet Storm
added 2022/11/25 12:00 a.m., 290 views

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt. Contact: [email protected]. Media: twitter.com/malvuln. Backup media: infosec.exchange/@malvuln. Threat: Trojan.Win32.DarkNeuron.gen. Vulnerability: Named...

7.4 AI score
Exploits: 0
HackRead
added 2022/04/05 12:02 p.m., 18 views

New Russian Android Malware Tracks GPS Location and Spies on Victims

By Waqas. The culprit behind this malware is Turla, a Russia State-Sponsored group known for previous high-profile malware attacks against… This is a post from HackRead.com. Read the original post: New Russian Android Malware Tracks GPS Location and Spies on Victims...

3.7 AI score
Exploits: 0
The Hacker News
added 2021/01/11 1:22 p.m., 5 views

Researchers Find Links Between Sunburst and Russian Kazuar Malware

Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that...

5.9 AI score
Exploits: 0
The Hacker News
added 2020/12/02 12:08 p.m., 3 views

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a...

5.8 AI score
Exploits: 0
The Hacker News
added 2020/12/02 12:08 p.m., 39 views

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a...

7.3 AI score
Exploits: 0
ThreatPost
added 2020/06/17 10:12 p.m., 565 views

AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit

Advanced malware, dubbed AcidBox, has been identified by researchers who say a mysterious cybergang used it twice against Russian organizations as far back as 2017. In a report released Wednesday, Palo Alto Networks’ Unit 42 sheds new light onto attacks against the popular open-source...

7.2 CVSS, 9.1 AI score, 0.26869 EPSS
Exploits: 8, References: 7
The Hacker News
added 2020/05/26 9:36 a.m., 3 views

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still ...

6.1 AI score
Exploits: 0
The Hacker News
added 2020/05/15 9:43 a.m., 8 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

5.8 AI score
Exploits: 0
CISA
added 2019/10/21 12:00 a.m., 14 views

NSA and NCSC Release Joint Advisory on Turla Group Activity

The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian and also known as Snake, Uroburos, VENOMOUS BEAR, or Waterbug. The advisory provides an update to...

6.7 AI score
Exploits: 0, References: 7
Carbon Black Blog
added 2018/12/11 5:40 p.m., 63 views

Partner Perspectives: Insight on Turla PNG Dropper

Editor's Note: This blog originally appeared on NCC Group's website. This is a short blog post on the PNG Dropper malware that has been developed and used by the Turla Group [1]. The PNG Dropper was first discovered back in August 2017 by Carbon Black researchers. Back in 2017 it was being used to...

Exploits: 0
Malwarebytes
added 2018/01/15 5:00 p.m., 25 views

A week in security (January 8 – January 14)

It's very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...

7.1 AI score
Exploits: 0
Carbon Black Blog
added 2017/08/18 7:35 p.m., 198 views

Threat Analysis: Carbon Black Threat Research Dissects PNG Dropper

UPDATE 8/14/17: After posting the original analysis, the Carbon Black Threat Research team received numerous requests for the tools to extract the second stage payload from the initial PNGdropper file. As a result, the source code and compiled binaries are being made public and are posted to the...

7.7 AI score
Exploits: 0