Russia-Linked Turla Cyberspies Add More Malware to Arsenal
2020-03-12 18:40

The Russia-linked threat group known as Turla was observed using two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019, ESET reports.

Also known as Waterbug, KRYPTON, Snake, and Venomous Bear, and active for more than a decade, Turla is known for targeting various diplomatic and military organizations, with a focus on NATO and Commonwealth of Independent States nations.

The malware can receive backdoor commands in JSON format that instruct it to download additional files, execute Windows commands, change its execution delay, or terminate itself.

"Recorded Future assesses with high confidence that TwoFace is the Iranian APT34 ASPX shell Turla was scanning for to pivot to additional hosts, as documented in the NSA/NCSC report. We assess that any live TwoFace shells as of late January 2020 could also be potential operational assets of the Turla Group," the security firm says.

According to Recorded Future, Turla has been scanning for the presence of TwoFace ASPX web shells and then attempting to access the infected machines to download Snake and other malware.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/GcZaTGYx-jI/russia-linked-turla-cyberspies-add-more-malware-arsenal