Security News > 2024 > May > Russian hackers use new Lunar malware to breach a European govt's agencies

Russian hackers use new Lunar malware to breach a European govt's agencies
2024-05-16 15:57

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. The pieces of malware have been used to breach the Ministry of Foreign Affairs of a European country with diplomatic missions in the Middle East and have been active since at least 2020.

Researchers at cybersecurity company ESET believe that the backdoors may be connected to the Russian state-sponsored hacker group Turla, although attribution has medium confidence at this point.

Once the Lunar backdoors are running on the host, the attackers may send commands directly via the command and control server and use stolen credentials and compromised domain controllers for lateral movement on the network.

The two Lunar backdoors are designed for prolonged and covert surveillance, data theft, and maintaining control over compromised systems, such as high-value targets like government and diplomatic institutions.

Based on similarities in observed tactics, techniques, and procedures between the Lunar toolset and and past activities, ESET attributes the backdoors to the Russian hacking group Turla with medium confidence.

Poland says Russian military hackers target its govt networks.


News URL

https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-lunar-malware-to-breach-a-european-govts-agencies/