Turla Archives - Security Affairs

Pierluigi Paganini December 05, 2024

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked ATP group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the […]

Pierluigi Paganini February 16, 2024

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Russia-linked APT group Turla has been spotted targeting Polish non-governmental organizations (NGO) with a new backdoor dubbed TinyTurla-NG. Russia-linked cyberespionage group Turla has been spotted using a new backdoor dubbed TinyTurla-NG in attacks aimed at Polish non-governmental organizations. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle […]

Pierluigi Paganini May 10, 2023

US disrupts Russia-linked Snake implant’s network

The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been designed and used by Center 16 of Russia’s Federal Security Service (FSB) in cyber espionage […]

Pierluigi Paganini January 11, 2021

Connecting the dots between SolarWinds and Russia-linked Turla APT

Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. The discovery […]

Pierluigi Paganini December 02, 2020

Russia-linked APT Turla used a new malware toolset named Crutch

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active […]

Pierluigi Paganini October 29, 2020

US Cyber Command details implants used in attacks on parliaments and embassies

US Cyber Command published technical details on malware implants used by Russia-linked APTs on multiple parliaments, embassies US Cyber Command shared technical details about malware implants employed by Russian hacking groups in attacks against multiple ministries of foreign affairs, national parliaments, and embassies. Experts from the US Cyber Command’s Cyber National Mission Force (CNMF) unit […]

Pierluigi Paganini October 29, 2020

Russia-linked Turla APT hacked European government organization

Russia-linked APT Turla has hacked into the systems of an undisclosed European government organization according to Accenture. According to a report published by Accenture Cyber Threat Intelligence (ACTI), Russia-linked cyber-espionage group Turla has hacked into the systems of an undisclosed European government organization. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting […]

Pierluigi Paganini May 26, 2020

New Turla ComRAT backdoor uses Gmail for Command and Control

Researchers uncovered a new advanced variant of Turla’s ComRAT backdoor that leverages Gmail’s web interface as C2 infrastructure. Cybersecurity researchers discovered a new version of the ComRAT backdoor, also known as Agent.BTZ, which is a malware that was employed in past campaigns attributed to the Turla APT group. Earlier versions of Agent.BTZ were used to […]

Pierluigi Paganini May 15, 2020

Russian APT Turla’s COMpfun malware uses HTTP status codes to receive commands

Russia-linked cyberespionage group Turla targets diplomatic entities in Europe with a new piece of malware tracked as COMpfun. Security experts from Kaspersky Lab have uncovered a new cyberespionage campaign carried out by Russia-linked APT Turla that employs a new version of the COMpfun malware. The new malware allows attackers to control infected hosts using a […]

Pierluigi Paganini March 13, 2020

Russia-Linked Turla APT uses new malware in watering hole attacks

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous […]

Turla

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

US disrupts Russia-linked Snake implant’s network

Connecting the dots between SolarWinds and Russia-linked Turla APT

Russia-linked APT Turla used a new malware toolset named Crutch

US Cyber Command details implants used in attacks on parliaments and embassies

Russia-linked Turla APT hacked European government organization

New Turla ComRAT backdoor uses Gmail for Command and Control

Russian APT Turla’s COMpfun malware uses HTTP status codes to receive commands

Russia-Linked Turla APT uses new malware in watering hole attacks

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

QUICK LINKS

Turla

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!