Turla Hackers Deliver Andromeda Malware 

The Russian state-sponsored hacking group known as Turla has been identified using legacy Andromeda malware infections to attack Ukrainian organisations. Mandiant detailed the operation in a recent report, stating that Turla's activity was observed in September 2022.  

Andromeda is typically spread via infected USB drives and is frequently used for follow-on malware delivery and credential theft.

Turla has been active since at least 2006 and is also referred to as Venomous Bear, Krypton and Snake. Andromeda, also known as Wauchos or Gamarue, has been active since at least September 2011, recruiting infected machines into a botnet.

“USB spreading malware continues to be a useful vector to gain initial access into organisations. In this incident, a USB infected with several strains of older malware was inserted at a Ukrainian organisation in December 2021... When the system's user double clicked a malicious link file (LNK) disguised as a folder within the USB drive, a legacy Andromeda sample was automatically installed and began to beacon out,” says the Mandiant report.
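As an added example (not code from the Mandiant report or from this article), the following Python script parses the Windows Shell Link (.lnk) binary format far enough to recover the target path, command-line arguments, icon location and window-show setting, then applies a few heuristics for the folder-decoy trick described in the quote above: a script host or other LOLBin behind a folder icon, a window that opens minimized, and a file name that shadows a real folder on the same drive. The two sample links it analyses are constructed inside the script by `build_lnk` so it runs offline; the `LOLBINS` list and the heuristics are assumptions to tune for your environment, not indicators taken from the report.

```python
"""Triage .lnk files on a removable drive for folder-decoy tricks (added example)."""
import struct
from dataclasses import dataclass

# LinkFlags bits from the MS-SHLLINK specification (section 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the window minimized (hides a console flash)
# Script hosts and LOLBins that a "folder" should never launch. Assumption: tune per environment.
LOLBINS = ("cmd.exe", "powershell", "rundll32", "mshta", "wscript", "cscript", "regsvr32", "certutil")


@dataclass
class Lnk:
    flags: int
    file_attributes: int
    icon_index: int
    show_command: int
    local_base_path: str = ""
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _string_data(buf: bytes, pos: int, unicode: bool):
    """One StringData item: uint16 character count, then the characters (UTF-16LE if IsUnicode)."""
    (count,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    if unicode:
        return buf[pos:pos + 2 * count].decode("utf-16-le", "replace"), pos + 2 * count
    return buf[pos:pos + count].decode("cp1252", "replace"), pos + count


def parse_lnk(buf: bytes) -> Lnk:
    """Walk ShellLinkHeader -> LinkTargetIDList -> LinkInfo -> StringData (ExtraData is skipped)."""
    if len(buf) < 0x4C or struct.unpack_from("<I", buf, 0)[0] != 0x4C or buf[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, attrs = struct.unpack_from("<II", buf, 0x14)
    icon_index, show_cmd = struct.unpack_from("<iI", buf, 0x38)
    lnk = Lnk(flags, attrs, icon_index, show_cmd)
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (uint16) + IDList; not needed for triage
        pos += 2 + struct.unpack_from("<H", buf, pos)[0]
    if flags & HAS_LINK_INFO:
        li_size, _hdr, li_flags, _vol, lbp_off, _cnrl, _cps = struct.unpack_from("<7I", buf, pos)
        if li_flags & 0x1:                       # VolumeIDAndLocalBasePath: NUL-terminated local path
            start = pos + lbp_off
            lnk.local_base_path = buf[start:buf.index(b"\x00", start)].decode("cp1252", "replace")
        pos += li_size
    unicode = bool(flags & IS_UNICODE)
    for bit, attr in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:                          # StringData items appear in exactly this order
            value, pos = _string_data(buf, pos, unicode)
            setattr(lnk, attr, value)
    return lnk


def decoy_reasons(lnk: Lnk, filename: str, siblings: set[str]) -> list[str]:
    """Heuristics for a .lnk pretending to be a folder; an empty list means nothing obvious."""
    target = (lnk.local_base_path or lnk.relative_path).lower()
    args, icon = lnk.arguments.lower(), lnk.icon_location.lower()
    reasons = []
    if any(b in target or b in args for b in LOLBINS):
        reasons.append(f"launches a script host/LOLBin: {target} {lnk.arguments}".rstrip())
    if icon.endswith("shell32.dll") and lnk.icon_index in (3, 4):   # closed/open folder icons
        reasons.append("borrows Explorer's folder icon")
    if lnk.show_command == SW_SHOWMINNOACTIVE:
        reasons.append("opens minimized to hide the window")
    stem = filename.rsplit(".", 1)[0].lower()
    if stem in {s.lower() for s in siblings}:
        reasons.append(f"name shadows an existing folder '{stem}' on the same drive")
    return reasons


def build_lnk(target: str, arguments: str = "", icon: str = "", icon_index: int = 0,
              show_command: int = 1) -> bytes:
    """Constructed sample input: a minimal, spec-shaped LNK so the parser can run offline."""
    flags = HAS_LINK_INFO | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0) | (HAS_ICON_LOCATION if icon else 0)
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20, 0, 0, 0, 0,
                         icon_index, show_command, 0, 0, 0, 0)
    volume = struct.pack("<IIII", 0x11, 2, 0, 0x10) + b"\x00"     # VolumeID: DRIVE_REMOVABLE, empty label
    path = target.encode("cp1252") + b"\x00"
    lbp_off = 0x1C + len(volume)
    cps_off = lbp_off + len(path)
    link_info = struct.pack("<7I", cps_off + 1, 0x1C, 0x1, 0x1C, lbp_off, 0, cps_off) + volume + path + b"\x00"
    def sd(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + link_info + (sd(arguments) if arguments else b"") + (sd(icon) if icon else b"") + b"\0\0\0\0"


# Constructed decoy (not a real sample): "Documents.lnk" beside a hidden real "Documents" folder.
DECOY = build_lnk(r"C:\Windows\System32\cmd.exe",
                  r'/c start "" .hidden\dropper.exe & start explorer Documents',
                  r"%SystemRoot%\System32\shell32.dll", icon_index=3, show_command=SW_SHOWMINNOACTIVE)
BENIGN = build_lnk(r"C:\Users\analyst\report.docx")
```

To use it on a mounted removable volume, read each `*.lnk` from the drive, pass the set of directory names at the same level as `siblings`, and treat anything that returns reasons as something to detonate in a sandbox rather than double-click; `decoy_reasons(parse_lnk(DECOY), "Documents.lnk", {"Documents"})` flags all four heuristics for the constructed decoy, while the benign link returns an empty list.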

Turla has deployed its own ComRAT malware in the past, but has since expanded its tactics and techniques, including its use of the Andromeda malware that first emerged in 2011.

Mandiant said it was analysing an operation suspected to be the work of Turla when it found that the group had re-registered expired Andromeda command-and-control domains and was using the beacons from old infections to profile victims. Although Turla's activity was observed last autumn, the legacy Andromeda sample was most likely delivered in December 2021 via an infected USB drive.

Sources: Mandiant, Axios, OODA Loop, SecurityWeek, Wired, The Hacker News

Cyber Security Intelligence: Captured Organised & Accessible