Russian state hackers use new TinyTurla malware as secondary backdoor
2021-09-21 15:54

Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan.

Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware dropper.

Security researchers at Cisco Talos say that TinyTurla is a "previously undiscovered" backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity.

Cisco Talos' telemetry data, which is how the researchers discovered the new malware, shows that TinyTurla has also been deployed on systems in the U.S. and Germany.

Linking the TinyTurla backdoor to the Russian state hackers was possible because the threat actor used the same infrastructure seen in other attacks attributed to the Turla APT group.

In research published today, the researchers say that the hackers used the malware "as a second-chance backdoor to maintain access to the system" if the primary access tool got removed.


News URL

https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/