Turla Hackers Deliver Andomeda Malware 

The Russian state-sponsored hacking group known as Turla has been identified as using Andromeda malware to attack Ukrainian organisations. Mandiant has detailed the attack in a recent report, stating that the attack was conducted in September 2022.  

The malware is typically deployed by hackers using an infected USB drive and is frequently used for malware delivery and credential theft.

Turla has been active since at least 2006 and is also referred to as Venomous Bear, Krypton, Snake, Wauchos or Gamarue, Andromeda has been active since at least September 2011, capturing infected machines into a botnet.

“USB spreading malware continues to be a useful vector to gain initial access into organisations. In this incident, a USB infected with several strains of older malware was inserted at a Ukrainian organisation in December 2021... When the system's user double clicked a malicious link file (LNK) disguised as a folder within the USB drive, a legacy Andromeda sample was automatically installed and began to beacon out,” says the Mandiant report.

The Turla hacking group has also deployed the ComRAT malware in the past but has since added more tactics and techniques and their sue of the Andromeda malware that first emerged in 2011.

Mandiant said that it was analysing an operation suspected to be the work of Turla when it identified expired Andromeda command and control domains leveraged by the group for victim profiling purposes.  Although the attack occurred last autumn, it is likely that the legacy Andromeda sample was delivered in December 2021 via an infected USB drive.

Mandiant:      Axios:     Oodaloop:    Security Week:       Wired:     Hacker News:     

You Might Also Read: 

Russian Government Hacking Groups Often Work Alone:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

« Ukraine Claims Russian Cyber Attacks Are War Crimes
US Strategy Will Allow Hacking Criminal & Foreign Networks  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

Watch this webinar to see how cloud security posture management (CSPM) tools can fit into your cloud security strategy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

evolutionQ

evolutionQ

evolutionQ delivers quantum-risk management strategies and robust cybersecurity tools designed to be safe in an era with quantum computing technologies.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.