Turla Cyber-Spies Target European Government With Multiple Backdoors
2020-10-29 13:46

The Russia-linked cyber-espionage group known as Turla was recently observed targeting a European government organization with a combination of backdoors, security researchers at Accenture reveal.

In a recent attack on such an organization in Europe, Turla was observed employing a combination of remote procedure call (RPC)-based backdoors, including the HyperStack backdoor, together with the Kazuar and Carbon remote administration Trojans (RATs).

"The RATs transmit the command execution results and exfiltrate data from the victim's network while the RPC-based backdoors use the RPC protocol to perform lateral movement and issue and receive commands on other machines in the local network. These tools often include several layers of obfuscation and defense evasion techniques," Accenture explains.

Given the success it has had with this combination of tools, Turla is expected to keep using this tool ecosystem to target Windows-based networks.

"Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long-term access to its victims because these tools have proven successful against Windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor," Accenture concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/J7BFIqFz9zE/turla-cyber-spies-target-european-government-multiple-backdoors