Russian state hackers use new TinyTurla malware as secondary backdoor (Security News, September 2021)
Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan.
Named TinyTurla due to its limited functionality and uncomplicated coding style, the backdoor could also be used as a stealthy second-stage malware dropper.
Security researchers at Cisco Talos say that TinyTurla is a "previously undiscovered" backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems largely because of its simplicity.
Cisco Talos' telemetry data, which is how the researchers discovered the new malware, shows that TinyTurla has also been deployed on systems in the U.S. and Germany.
Linking the TinyTurla backdoor to the Russian state hackers was possible because the threat actor used the same infrastructure seen in other attacks attributed to the Turla APT group.
In research published today, the researchers say that the hackers used the malware "as a second-chance backdoor to maintain access to the system" if the primary access tool got removed.