Security News > 2024 > May > Russian hackers use new Lunar malware to breach a European govt's agencies

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. The pieces of malware have been used to breach the Ministry of Foreign Affairs of a European country with diplomatic missions in the Middle East and have been active since at least 2020.
Researchers at cybersecurity company ESET believe that the backdoors may be connected to the Russian state-sponsored hacker group Turla, although attribution has medium confidence at this point.
Once the Lunar backdoors are running on the host, the attackers may send commands directly via the command and control server and use stolen credentials and compromised domain controllers for lateral movement on the network.
The two Lunar backdoors are designed for prolonged and covert surveillance, data theft, and maintaining control over compromised systems, such as high-value targets like government and diplomatic institutions.
Based on similarities in observed tactics, techniques, and procedures between the Lunar toolset and and past activities, ESET attributes the backdoors to the Russian hacking group Turla with medium confidence.
Poland says Russian military hackers target its govt networks.
News URL
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)