Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.
Search results for: "turla"
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
In this white paper, we present the analysis of LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers. LightNeuron, which the cyberespionage group Turla is believed to have used since at least 2014, can spy on, modify or block any emails going through the compromised mail server, as well as execute commands sent
Turla, also known as Snake, is an espionage group notorious for having breached some heavily-protected networks. They have been busy attacking diplomats and military targets around the world. Among the notable victims were the Finnish Foreign Ministry in 2013, the Swiss military firm RUAG between 2014 and 2016 and more recently, the German government
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails
ESET researchers have observed a significant change in the campaign of the infamous espionage group
Turla is one of the longest-known state-sponsored cyberespionage groups, with well-known victims such as the US Department of Defense in 2008. The group owns a large toolset that is generally divided into several categories: the most advanced malware is only deployed on machines that are the most interesting to the attackers. Their espionage platform is
In order to establish persistence on the system, the installer tampers with the operating system’s registry. It also creates an administrative account that allows remote access.
Turla is a notorious group that has been targeting governments, government officials and diplomats for years. Although this backdoor has been actively deployed since at least 2016, it has not been documented anywhere. Based on strings found in the samples we analyzed, we have named this backdoor “Gazer”.
The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure.
The Turla espionage group has been targeting various institutions for many years. Recently, ESET found several new versions of Carbon.
New ESET research into Turla's malicious toolkit – GDPR turns two – Critical flaw in Android devices
Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control
ESET researchers have uncovered a new version of ComRAT, a backdoor that the Turla APT group has been using since at least 2007. This white paper analyzes this latest addition to the toolkit of a cyberespionage group that is known to have breached major public and private targets on multiple continents.
A view of the Q1 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
ESET research into Turla's new campaign – What is CEO fraud and how to defend against it – How Microsoft enterprise accounts get hacked
ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families
If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers
ESET researchers show how Turla has refreshed its malicious toolkit and how, in an effort to evade detection, the group uses PowerShell to inject malware directly into memory