
Latest Turla backdoor leverages email PDF attachments as C&C mechanism


Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007, targeting government organizations and private businesses. The list of previously known victims is long and also includes the Swiss defense firm RUAG, the US Department of State, and the US Central Command. In June 2016, researchers from Kaspersky reported that the Turla APT had started using rootkit), Epic Turla (Wipbot and Tavdig) and Gloog Turla.


Turla backdoors compromise European government foreign offices

ZDNet

ESET researchers tracking a notorious backdoor and cyberespionage campaign have warned that the list of government victims is far longer than previously thought -- and at least two new European offices have succumbed. The backdoor is the work of an advanced persistent threat (APT) group known as Turla. Turla has previously been linked to the Gazer malware family, which has been used against various government and diplomatic bodies in Europe before. Gazer was connected to watering hole attacks and spear-phishing campaigns targeting government entities and diplomats for the purpose of cyberespionage. In 2017, Turla was also connected to a backdoor implanted in Germany's Federal Foreign Office, where it was used to siphon confidential government information over the majority of the year.


Global cyber-espionage campaign linked to Russian spying tools

The Guardian

The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers have said. Investigators at the Moscow-based cybersecurity firm Kaspersky said the "backdoor" used to compromise up to 18,000 customers of the US software maker SolarWinds closely resembled malware tied to a hacking group known as Turla, which Estonian authorities have said operates on behalf of Russia's FSB security service. The findings are the first publicly available evidence to support assertions by the US that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber-operations ever disclosed. Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.


SolarWinds hackers linked to known Russian spying tools, investigators say

The Japan Times

London – The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers said Monday. Investigators at Moscow-based cybersecurity firm Kaspersky said the "backdoor" used to compromise up to 18,000 customers of U.S. software-maker SolarWinds closely resembled malware tied to a hacking group known as "Turla," which Estonian authorities have said operates on behalf of Russia's FSB security service. The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyberoperations ever disclosed. Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.