Security News > 2020 > June > Mysterious 'AcidBox' Malware Used Turla Exploit to Target Russian Organizations
Targeted attacks delivering a new piece of malware leveraged an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks reveals.
Believed to be operating on behalf of the Russian Federal Security Service and also known as Waterbug, Venomous Bear and KRYPTON, Turla was the first threat actor known to have abused a third-party device driver to disable Driver Signature Enforcement, a security feature introduced in Windows Vista to prevent the loading of unsigned drivers.
The adversary targeted at least two different Russian organizations in 2017 by exploiting version 2.2.0 of the driver, likely because this iteration wasn't known to be vulnerable.
The attackers deployed a previously unknown malware family, which the researchers named AcidBox.
A complex piece of malware part of a bigger toolset, AcidBox is likely associated with an advanced threat actor and might still be in use today, provided that the attacker is still active.
News URL
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Fake LDAPNightmware exploit on GitHub spreads infostealer malware (source)
- Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (source)