Security News > 2021 > September > Russian state hackers use new TinyTurla malware as secondary backdoor
Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan.
Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware dropper.
Security researchers at Cisco Talos say that TinyTurla is a "previously undiscovered" backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity.
Cisco Talos' telemetry data, which is how the researchers discovered the new malware, shows that TinyTurla has also been deployed on systems in the U.S. and Germany.
Linking the TinyTurla backdoor to the Russian state hackers was possible because the threat actor used the same infrastructure seen in other attacks attributed to the Turla APT group.
In research published today, the researchers say that the hackers used the malware "as a second-chance backdoor to maintain access to the system" if the primary access tool got removed.