Security News > 2020 > December > Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group.
Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.
In its earliest iterations, the Crutch architecture included a backdoor that communicated with Dropbox, as well as a second main binary that targeted files on any removable drives that may be on the system.
ESET connected Crutch to the Turla APT due to what researchers called "Strong links" between a Crutch dropper from 2016 and a second-stage backdoor used by Turla from 2016 to 2017.
"Given these elements and that Turla malware families are not known to be shared among different groups, we believe that Crutch is a malware family that is part of the Turla arsenal," said researchers.
News URL
https://threatpost.com/turla-backdoor-dropbox-espionage-attacks/161777/
Related news
- Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks (source)
- Suspected supply chain attack backdoors courtroom recording software (source)