Security News
Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country. Turla's Crutch malware was designed to help harvest and exfiltrate sensitive documents and various other files of interest to Dropbox accounts controlled by the Russian hacking group.
Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla, a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and military organizations through various watering hole and spear-phishing campaigns. "These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators," the cybersecurity firm said in an analysis shared with The Hacker News.
Microsoft said it has detected attempts by state-backed Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. Microsoft said most of the targets - located in Canada, France, India, South Korea and the United States - were "directly involved in researching vaccines and treatments for COVID-19." It did not name the targets but said most had vaccine candidates in various stages of clinical trials.
The Czech Republic's intelligence agency said Tuesday Russian and Chinese spies posed an imminent threat to the EU member's security and other key interests last year. All Russian intelligence services were active on Czech territory in 2019.
British eavesdropping agency GCHQ is actively hacking Russian attempts to undermine coronavirus vaccine efforts, according to The Times. Some weeks ago a Russian misinformation campaign was brought to light, again by The Times, aiming to sow distrust of the safety and efficacy of a COVID-19 vaccine being developed by drug company AstraZeneca and Oxford University in the UK. The campaign reportedly claimed that because AZD1222 uses a replication-deficient chimpanzee viral vector, it could "turn people into monkeys".
Now, the security researchers reveal that the attackers have updated their techniques and that the number of victim organizations has increased. In recent attacks, the hackers started using actual documents related to the organization's activity, including scanned copies of memos, letters, and procurement documentation forms, seemingly stolen in earlier attacks.
The United States on Monday announced the sentencing of a Russian national for his role in a scheme involving the theft and trading of personal and financial information. The man, Aleksandr Brovko, 36, admitted in February to conspiring to commit bank and wire fraud.
Brovko was tasked with sifting through the logs of these botnets for internet banking credentials vacuumed by the malware, which were subsequently used by fellow conspirators to steal millions of dollars from Americans' accounts in fraudulent transfers. "Where his computer code could not effectively parse the data, Brovko supplemented his computer-automated efforts with manual searches of the data," his indictment [PDF] noted.
Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. Election officials fear a "blend" of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials' social media accounts and making false claims about rigged voting.
The United States Cyber Command this week released new malware samples associated with the activity of Russian threat actors Turla and Zebrocy. On Thursday, USCYBERCOM shared on VirusTotal new samples of the ComRAT Trojan, which is believed to be one of the oldest malware families employed by the Russia-linked threat actor.