Security News

Russian Turla hackers hit Starlink-connected devices in Ukraine
2024-12-11 17:00

Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. [...]

Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities
2024-12-04 17:23

The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a...

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions
2024-05-15 12:29

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail....

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
2024-02-15 15:08

The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in...

Turla hackers backdoor NGOs with new TinyTurla-NG malware
2024-02-15 14:49

Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. According to the researchers, TinyTurla-NG is actively targeting multiple NGOs in Poland.

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection
2023-11-01 07:21

The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar. The new findings come from Palo Alto Networks Unit...

Microsoft Exchange servers compromised by Turla APT
2023-07-20 12:05

Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with DeliveryCheck and Kazuar backdoors / infostealers and has been using compromised Microsoft Exchange servers to control them. Turla is a sophisticated and persistent APT group that has been active for over 10 years and is believed to be sponsored by the Russian state.

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector
2023-07-20 09:40

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck that's capable of delivering next-stage payloads.

Turla’s Snake malware network disrupted by Five Eyes’ authorities
2023-05-10 11:42

The US Government has been investigating Snake and Snake-related malware tools for nearly 20 years, and has monitored FSB officers assigned to Turla conducting daily operations using Snake from a known FSB facility in Ryazan, Russia. Although Snake has been the subject of several cybersecurity industry reports throughout its existence, Turla has applied numerous upgrades and revisions, and selectively deployed it, all to ensure that Snake remains Turla's most sophisticated long-term cyberespionage malware implant.

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors
2023-01-08 06:15

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine. Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called ANDROMEDA that was uploaded to VirusTotal in 2013.