
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
2021-09-27 21:14

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan.

Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group and named the malware "TinyTurla" for its limited functionality and efficient coding style, which allows it to go undetected.

Attacks incorporating the backdoor are believed to have occurred since 2020.

"This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed," the researchers said.

The novel backdoor, which masquerades as an innocuous but fake Microsoft Windows Time Service to fly under the radar, is designed to register itself and establish communications with an attacker-controlled server to receive further instructions. These range from downloading and executing arbitrary processes to uploading the results of the commands back to the server.

TinyTurla's links to Turla come from overlaps in the modus operandi, with the infrastructure previously identified as the same one used by the group in other campaigns in the past.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/lMlg-R85xWE/russian-turla-apt-group-deploying-new.html