Security News > 2020 > December > Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
2020-12-02 18:06

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group.

Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

In its earliest iterations, the Crutch architecture included a backdoor that communicated with Dropbox, as well as a second main binary that targeted files on any removable drives that may be on the system.

ESET connected Crutch to the Turla APT due to what researchers called "Strong links" between a Crutch dropper from 2016 and a second-stage backdoor used by Turla from 2016 to 2017.

"Given these elements and that Turla malware families are not known to be shared among different groups, we believe that Crutch is a malware family that is part of the Turla arsenal," said researchers.


News URL

https://threatpost.com/turla-backdoor-dropbox-espionage-attacks/161777/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dropbox 5 2 6 3 2 13