Russian cyber spies hide behind other hackers to target Ukraine

December 12, 2024 at 11:09AM
Russian cyber-espionage group Turla is leveraging other threat actors’ infrastructure, specifically targeting Ukrainian military devices via Starlink. Utilizing malware from the Amadey botnet and other sources, Turla deploys custom malware like Tavdig and KazuarV2 to gather intelligence and perform reconnaissance on compromised systems. Microsoft recently highlighted these activities.

Russian Turla hackers hit Starlink-connected devices in Ukraine

December 11, 2024 at 01:56PM
Russian cyber-espionage group Turla, also known as “Secret Blizzard,” is targeting Ukrainian military devices via Starlink by leveraging infrastructure from other threat actors, like Storm-0156 and Storm-1837. Their operations involve deploying custom malware, including Tavdig and KazuarV2, to gather intelligence on military activities.

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 5, 2024 at 03:48AM
The Russian cyber-espionage group Turla is hijacking the infrastructure of Pakistani threat actor Storm-0156 to conduct covert attacks on compromised networks, particularly targeting Afghan and Indian government entities. This tactic, observed since late 2022, allows Turla to stealthily deploy malware while complicating attribution efforts.

Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

December 4, 2024 at 12:54PM
The Russia-linked APT group Turla has infiltrated the command-and-control servers of the Pakistan-based Storm-0156 hacking group since December 2022. Turla utilizes this access to deploy custom malware against Afghan government networks, demonstrating a tactic of leveraging others’ infrastructure for intelligence gathering, complicating attribution and enhancing their operational reach.

Russian hackers hijack Pakistani hackers’ servers for their own attacks

December 4, 2024 at 12:11PM
The Russian cyber-espionage group Turla is infiltrating the infrastructure of the Pakistani threat actor Storm-0156, using its compromised networks for covert attacks since late 2022. This strategy allows Turla to stealthily gather intelligence while complicating attribution efforts, leveraging previously breached targets, including Afghan governmental entities.

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

May 15, 2024 at 09:07AM
An unnamed European Ministry of Foreign Affairs and its three diplomatic missions in the Middle East were targeted by two new backdoors, LunarWeb and LunarMail, attributed with medium confidence to the Russia-aligned cyberespionage group Turla. The backdoors use HTTP(S) and email messages for their communication, and appear to have been …

Russia Hackers Using TinyTurla-NG to Breach European NGO’s Systems

March 21, 2024 at 12:57PM
Turla, a Russia-linked threat actor, infected European NGO systems with the TinyTurla-NG backdoor, persisting and evading antivirus. They exploited initial access and exfiltrated data through Chisel in a targeted campaign with customized malware; the systems had been breached since Oct 2023. Turla’s activities involve Microsoft Defender exclusions and malicious service creation. Cisco Talos disclosed this in …

Russian Turla Cyberspies Target Polish NGOs With New Backdoor

February 22, 2024 at 10:51AM
Turla, a Russian state-sponsored threat actor, has deployed a new backdoor called TinyTurla-NG in recent attacks on NGOs in Poland. The malware, an evolution of TinyTurla, was first used in December 2023 and is designed for implant administration and file management. Turla also deployed other tools in this attack. From …

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM
The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows Command Line Interface commands, and a new implant, TurlaPower-NG, for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites …

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

February 15, 2024 at 10:18AM
Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck.