Sunburst backdoor shares features with Russian APT malware

Posted by & filed under Security News.

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S….

US shares info on Russian malware used to target parliaments, embassies

Posted by & filed under Alerts.

US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies. The malware samples were identified by US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) and uploaded today to the Virus…

Russian Cyber-Spies use Gmail to control updated ComRAT Malware

Posted by & filed under Alerts.

ESET security researchers have discovered a new version of the ComRAT backdoor controlled using the Gmail web interface and used by the state-backed Russian hacker group Turla for harvesting and stealing in attacks against governmental institutions. Using Gmail for command-and-control purposes fits right in with other exploits of the Russian-speaking Turla group (also tracked as Waterbug, Snake, or VENOMOUS BEAR)…

HTTP Status Codes Command This Malware How to Control Hacked Systems

Posted by & filed under Alerts.

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with “medium-to-low level of confidence” based on the history of compromised victims—spread via an initial…

Turla renews its arsenal with Topinambour

Posted by & filed under Alerts.

Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle East, Central and Far East Asia, Europe, North and South…