Turla hackers backdoor NGOs with new TinyTurla-NG malware (February 2024)
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.
According to the researchers, TinyTurla-NG is actively targeting multiple NGOs in Poland.
The TinyTurla-NG malware acts as a backdoor. Its purpose is to give the threat actor access to the compromised system when all other access mechanisms have failed or have been detected and removed.
Data exfiltration is done using malicious PowerShell scripts, which the researchers named TurlaPower-NG, delivered through the new backdoor.
There are at least three variants of the TinyTurla-NG backdoor, but the researchers could get access to only two of them.
While TinyTurla-NG's code is different from the threat actor's older TinyTurla implant, both serve the same purpose: acting as a "secret backdoor" that continues to provide access when other methods become unsuccessful.