Security News

Russian Turla APT Group Deploying New Backdoor on Targeted Systems
2021-09-27 21:14

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected.

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
2021-09-21 16:02

The Turla advanced persistent threat group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group - a Russian-speaking APT. Those attacks are "Likely" using a stealthy, "Second-chance" backdoor to maintain access to infected devices, they noted.

SolarWinds Hack Potentially Linked to Turla APT
2021-01-11 17:53

New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat group. "After the Sunburst malware was first deployed in February 2020, Kazuar continued to evolve and later 2020 variants are even more similar, in some respects, to Sunburst," the firm noted in an analysis published on Monday.

Newly Discovered Turla Backdoor Used in Government Attacks
2020-12-02 18:40

ESET's security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks. According to ESET, the malware might be used only against very specific targets, a common feature for many Turla tools.

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
2020-12-02 18:06

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

Turla Cyber-Spies Target European Government With Multiple Backdoors
2020-10-29 13:46

The Russia-linked cyber-espionage group known as Turla was recently observed targeting a European government organization with a combination of backdoors, security researchers at Accenture reveal. In a recent attack on such an organization in Europe, Turla was observed employing a combination of remote procedure call-based backdoors, including the HyperStack backdoor, and Kazuar and Carbon remote administration Trojans.

Russian Turla hackers breach European government organization
2020-10-28 14:46

Russian-speaking hacking group Turla has hacked into the systems of an undisclosed European government organization according to a new Accenture Cyber Threat Intelligence report. Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.

Mysterious 'AcidBox' Malware Used Turla Exploit to Target Russian Organizations
2020-06-19 11:18

Targeted attacks delivering a new piece of malware leveraged an exploit previously associated with the Russian-linked Turla hacking group, Palo Alto Networks reveals. Believed to be operating on behalf of the Russian Federal Security Service and also known as Waterbug, Venomous Bear and KRYPTON, Turla was the first threat actor known to have abused a third-party device driver to disable Driver Signature Enforcement, a security feature introduced in Windows Vista to prevent the loading of unsigned drivers.

Turla's Updated ComRAT Malware Uses Gmail for C&C Communication
2020-05-27 09:02

An updated version of the ComRAT malware that Russia-linked cyber-espionage threat actor Turla has been using in recent attacks can connect to Gmail to receive commands, ESET reports. One of the oldest malware families used by the group, ComRAT was used to target the US military in 2008 and saw two major versions released until 2012, both derived from the same code base.

Turla APT Revamps One of Its Go-To Spy Tools
2020-05-26 15:28

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan to attack governmental targets. According to ESET researchers, ComRAT is one of Turla's oldest weapons, released in 2007 - but the firm found that Turla used an updated version in attacks against at least three targets earlier this year: Two Ministries of Foreign Affairs and a national parliament.