Mysterious 'AcidBox' Malware Used Turla Exploit to Target Russian Organizations (Security News, June 2020)

Targeted attacks delivering a new piece of malware reused an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks' Unit 42 reports.
Turla, believed to operate on behalf of the Russian Federal Security Service and also tracked as Waterbug, Venomous Bear and KRYPTON, was the first threat actor known to have abused a legitimately signed third-party device driver to disable Driver Signature Enforcement (DSE), the feature introduced with 64-bit Windows Vista that blocks unsigned kernel drivers. The signed driver loads normally, a vulnerability in it is then used to switch enforcement off, and an unsigned malicious driver can be loaded afterwards.
The actor behind the new attacks, which Unit 42 does not attribute to Turla itself, targeted at least two different Russian organizations in 2017 by exploiting version 2.2.0 of the same driver (VirtualBox's VBoxDrv.sys), a build that had not previously been reported as vulnerable and therefore drew less scrutiny.
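A practitioner reading this will want a quick way to see which third-party kernel drivers are loaded on a Windows host, with their file version and Authenticode status, so that an old VirtualBox driver brought along for a DSE bypass stands out. The script below is an added example written for this page, not code from the article or from Unit 42; it assumes it is run from an elevated PowerShell prompt, and the list of suspect driver file names (only VBoxDrv.sys, which the Unit 42 report names) is a starting point to extend.

```powershell
# Added example (not from the article or Unit 42): enumerate loaded kernel drivers
# and report version, publisher and signature status so that a third-party driver
# reused for a DSE bypass (e.g. an old VBoxDrv.sys) is easy to spot.
# Assumption: run as administrator on the host being inspected.

$suspectNames = @('VBoxDrv.sys')   # driver file named in the Unit 42 report; extend as needed

Get-CimInstance Win32_SystemDriver |
  Where-Object { $_.PathName } |
  ForEach-Object {
    # PathName may be given as \??\C:\... or \SystemRoot\...; normalise to a plain path
    $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) { return }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path

    [pscustomobject]@{
      Name        = $_.Name
      State       = $_.State               # Running drivers are the ones that matter
      Path        = $path
      FileVersion = $file.VersionInfo.FileVersion
      Company     = $file.VersionInfo.CompanyName
      Signature   = $sig.Status            # Valid / NotSigned / HashMismatch ...
      Signer      = $sig.SignerCertificate.Subject
      Suspect     = ($suspectNames -contains $file.Name)
    }
  } |
  # Keep everything not published by Microsoft, plus anything on the suspect list
  Where-Object { $_.Suspect -or $_.Company -notmatch 'Microsoft' } |
  Sort-Object Suspect, State -Descending |
  Format-Table Name, State, FileVersion, Company, Signature, Suspect, Path -AutoSize
```

Two caveats when reading the output. A driver abused this way is validly signed, so a clean Signature column is not reassurance; the version and the question of why a hypervisor driver is present on a host that does not run VirtualBox are the signals. And once enforcement has been switched off and an unsigned payload is resident, that payload may hide itself from exactly this kind of user-mode enumeration, so treat the listing as a triage aid rather than proof of absence.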
The attackers deployed a previously unknown malware family, which the researchers named AcidBox.
AcidBox is a complex piece of malware and appears to be one component of a larger toolset, which points to an advanced threat actor. Unit 42 notes that it may still be in use today if the actor remains active.