Turla Hackers Deliver Andromeda Malware

The Russian state-sponsored hacking group known as Turla has been identified as using Andromeda malware to attack Ukrainian organisations. Mandiant has detailed the attack in a recent report, stating that the attack was conducted in September 2022.  

The malware is typically deployed by hackers using an infected USB drive and is frequently used for malware delivery and credential theft.

Turla has been active since at least 2006 and is also referred to as Venomous Bear, Krypton and Snake. Andromeda, also known as Wauchos or Gamarue, has been active since at least September 2011, capturing infected machines into a botnet.

“USB spreading malware continues to be a useful vector to gain initial access into organisations. In this incident, a USB infected with several strains of older malware was inserted at a Ukrainian organisation in December 2021... When the system's user double clicked a malicious link file (LNK) disguised as a folder within the USB drive, a legacy Andromeda sample was automatically installed and began to beacon out,” says the Mandiant report.
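The lure described above, a shortcut (LNK) file named and iconed like a folder on the USB root, leaves a simple artefact a defender can scan for: a `.lnk` file whose name matches a sibling directory. The following is an added example, not code from the Mandiant report; the directory layout is constructed, and the heuristic (stem matches a sibling folder, file carries the shell-link header) is an assumption about how such lures typically look.

```python
"""Heuristic scan of a removable-drive root for folder-lookalike LNK lures.
Added example; not Mandiant's or any vendor's tooling. Sample drive is constructed."""
import tempfile
from pathlib import Path

# Shell Link header: size 0x4C followed by CLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = b"L\x00\x00\x00" + bytes.fromhex("0114020000000000C000000000000046")


def is_shell_link(path):
    """True if the file starts with the Windows Shell Link header."""
    try:
        with open(path, "rb") as f:
            return f.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False


def find_folder_lnk_lures(root):
    """Return sorted names of top-level *.lnk files in `root` that are real
    shell links and whose stem matches a sibling directory name (the
    'folder disguised as a shortcut' pattern). Top level only, because that
    is where a USB lure is placed to be double-clicked."""
    root = Path(root)
    dir_names = {p.name.lower() for p in root.iterdir() if p.is_dir()}
    lures = []
    for p in root.iterdir():
        if p.is_file() and p.suffix.lower() == ".lnk" and is_shell_link(p):
            if p.stem.lower() in dir_names:
                lures.append(p.name)
    return sorted(lures)


def build_sample_drive():
    """Construct a throwaway directory mimicking an infected USB root.
    The .lnk bodies are header-only stubs, not working shortcuts."""
    d = Path(tempfile.mkdtemp(prefix="usb_"))
    (d / "Documents").mkdir()
    (d / "Photos").mkdir()
    (d / "Documents.lnk").write_bytes(LNK_MAGIC)   # lure: mirrors a folder
    (d / "Photos.lnk").write_bytes(LNK_MAGIC)      # lure: mirrors a folder
    (d / "readme.lnk").write_bytes(LNK_MAGIC)      # no sibling folder: not flagged
    (d / "Backup.lnk").write_bytes(b"not a link")  # wrong header: not flagged
    (d / "notes.txt").write_text("benign")
    return d


if __name__ == "__main__":
    print(find_folder_lnk_lures(build_sample_drive()))
```

On a real mount point, pass the drive root (for example `E:\` or `/media/usb`) to `find_folder_lnk_lures`; any hit is worth quarantining and checking the link target before anyone double-clicks it.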

The Turla hacking group has also deployed the ComRAT malware in the past but has since added further tactics and techniques, including its use of the Andromeda malware, which first emerged in 2011.

Mandiant said that it was analysing an operation suspected to be the work of Turla when it identified expired Andromeda command and control domains leveraged by the group for victim profiling purposes. Although the attack occurred last autumn, it is likely that the legacy Andromeda sample was delivered in December 2021 via an infected USB drive.

Sources: Mandiant, Axios, Oodaloop, Security Week, Wired, Hacker News
