
Newly Discovered Turla Backdoor Used in Government Attacks
2020-12-02 18:40

ESET's security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks.

According to ESET, the malware might be used only against very specific targets, a common feature for many Turla tools.

In September 2017, both samples were dropped in the same location on the same machine, only five days apart. Both dropped malware components packed within CAB files, and the loaders they dropped shared clearly related PDB paths and used the same RC4 key to decrypt their payloads.

"Given these elements and that Turla malware families are not known to be shared among different groups, we believe that Crutch is a malware family that is part of the Turla arsenal," ESET says.

The security researchers also discovered that both Crutch and FatDuke were present on the same machine at the same time, but did not find evidence of interaction between the two malware families.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/FuuwJrjKo9g/newly-discovered-turla-backdoor-used-government-attacks