Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

May 15, 2024 at 09:07AM An unnamed European Ministry of Foreign Affairs and its three diplomatic missions in the Middle East were targeted by two new backdoors, LunarWeb and LunarMail, attributed with medium confidence to the Russia-aligned cyberespionage group Turla. The backdoors use HTTP(S) and email messages for their communication, and appear to have been …

Russia Hackers Using TinyTurla-NG to Breach European NGO’s Systems

March 21, 2024 at 12:57PM Turla, a Russia-linked threat actor, infected a European NGO's systems with the TinyTurla-NG backdoor, persisting and evading antivirus. They exploited initial access and exfiltrated data through Chisel; the systems had been breached since Oct 2023, in a targeted campaign with customized malware. Turla’s activities involve Microsoft Defender exclusions and malicious service creation. Cisco Talos disclosed this in …

Russian Turla Cyberspies Target Polish NGOs With New Backdoor

February 22, 2024 at 10:51AM Turla, a Russian state-sponsored threat actor, has deployed a new backdoor called TinyTurla-NG in recent attacks on NGOs in Poland. The malware, an evolution of TinyTurla, was first used in December 2023 and is designed for implant administration and file management. Turla also deployed other tools in this attack. From …

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows Command Line Interface commands, and a new implant, TurlaPower-NG, is used for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites …

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

February 15, 2024 at 10:18AM Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck. …

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

November 1, 2023 at 03:49AM Turla, a Russia-linked hacking group, is using an updated version of a backdoor called Kazuar that emphasizes stealth and evasion techniques, according to Palo Alto Networks Unit 42. Kazuar, a .NET-based implant first discovered in 2017, has been improved by the threat actor behind the operation to enhance their attack …