Security News

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. "When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said.

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected.

The Turla advanced persistent threat group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group - a Russian-speaking APT. Those attacks are "Likely" using a stealthy, "Second-chance" backdoor to maintain access to infected devices, they noted.

New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat group. "After the Sunburst malware was first deployed in February 2020, Kazuar continued to evolve and later 2020 variants are even more similar, in some respects, to Sunburst," the firm noted in an analysis published on Monday.

ESET's security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks. According to ESET, the malware might be used only against very specific targets, a common feature for many Turla tools.

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

The Russia-linked cyber-espionage group known as Turla was recently observed targeting a European government organization with a combination of backdoors, security researchers at Accenture reveal. In a recent attack on such an organization in Europe, Turla was observed employing a combination of remote procedure call-based backdoors, including the HyperStack backdoor, and Kazuar and Carbon remote administration Trojans.

Russian-speaking hacking group Turla has hacked into the systems of an undisclosed European government organization according to a new Accenture Cyber Threat Intelligence report. Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.

Targeted attacks delivering a new piece of malware leveraged an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks reveals. Believed to be operating on behalf of the Russian Federal Security Service and also known as Waterbug, Venomous Bear and KRYPTON, Turla was the first threat actor known to have abused a third-party device driver to disable Driver Signature Enforcement, a security feature introduced in Windows Vista to prevent the loading of unsigned drivers.