February 15, 2024 at 10:18AM
Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck. This activity occurred from late 2023 to early 2024.
Key Takeaways:
1. The Russia-linked threat actor Turla has been observed using a new backdoor named TinyTurla-NG in a campaign targeting Polish non-governmental organizations from November 2023 to January 2024.
2. TinyTurla-NG is a small ‘last chance’ backdoor that is used when other unauthorized access/backdoor mechanisms have failed or been detected on infected systems.
3. This new backdoor is distributed through compromised WordPress-based websites, employing them as command-and-control (C2) endpoints to fetch and execute instructions.
4. It can run commands via PowerShell or Command Prompt and is designed to exfiltrate key material used to secure the password databases of popular password management software.
5. Microsoft and OpenAI revealed that nation-state actors from Russia are exploring AI tools, including large language models like ChatGPT, to understand satellite communication protocols and radar imaging technologies.