Russian Turla Hackers Specialise In Attacking Government Agencies

Uploaded on 2020-11-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware, which is used by the Russian Turla  hacking group, while the other two are samples for the Zebrocy malware, which is used by the APT28 hacking group.

Now the Turla has hacked into the systems of a European government organisation according to a report form  Accenture Cyber Threat Intelligence (ACTI).

The state-sponsored Turla group, also known as  Venomous Bear, are known for using unorthodox methods to perform cyber-espionage goals. They are believed to be the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, the Finnish Foreign Ministry, and various other European Ministries of Foreign Affairs this year. They are famous for using unorthodox methods to perform cyber-espionage goals.

Turla continues to target government organisations using custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while evading their victim’s defenses.  

The recent attack perfectly lines up with the type of Turla information theft and espionage motivation and its persistent targeting of government-related entities from a wide range of countries.

To compromise the organisation's network, the attackers used a combination of recently updated remote administration Trojans (RATs) and remote procedure call (RPC)-based backdoors including HyperStack, analysed by ACTI between June and October 2020. "Notably, Accenture researchers recently identified novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network," ACTI researchers said.

Over the course of  their espionage campaigns to date, Turla has compromised thousands of systems belonging to governments, embassies, as well as education and research facilities from over 100 countries.

Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.Turla has compromised over thousands of systems belonging to governments, embassies, education and research facilities from over 100 countries in their espionage campaigns.

Accenture said that Turla might continue to use its legacy tools with upgrades, to compromise and maintain long-term access to its victims as these tools are successful against Windows-based networks. ACTI recommends the government entities to check network logs to look for any indicators of compromise included at the end of the report and to build detections capable of blocking Turla attacks in future.

Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long term access to its victims because these tools have proven successful against windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor.

NCSC:    Accenture:     Bleeping Computer:      Data Breaches:     CyberSafe:      BankInfoSecurity:    ZDNet:   RootDaemon

You Might Also Read: 

Russian Spies Attacked Olympic Games With Malware:

 

« The Five Best Ways To Secure Your Cloud Environment
The Market For Remote Desktop Software Is Set To Boom »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Cisco Talos

Cisco Talos

Talos is an industry-leading threat intelligence solution that protects your organization’s people, data and infrastructure from active adversaries.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Data Privacy Office (DPO) - Belarus

Data Privacy Office (DPO) - Belarus

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Ascent Cyber

Ascent Cyber

Ascent Cyber provide simple and stress-free solutions to protect your business and its customers from the worries and costs of cybercrime.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

NVISIONx

NVISIONx

NVISIONx data risk governance platform enables companies to gain control of their enterprise data to reduce data risks, compliance scopes and storage costs.

Hayes Connor Solicitors

Hayes Connor Solicitors

Hayes Connor Solicitors is a specialist data breach and cybercrime law firm. We act for clients on individual data breaches and also where a group has been compromised as part of a targeted attack.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

Inspectiv

Inspectiv

Inspectiv offers a turn-key solution to continuously identify security vulnerabilities and provide security assurance.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

Nasuni

Nasuni

The Nasuni File Data Platform offers the protection, detection, and recovery of file shares from ransomware attacks or random disasters within minutes.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

ThreatMon

ThreatMon

Gain insights into emerging threats with real-time data and AI-driven analysis to stay ahead of cyber risks. Detect, analyze, and respond to threats before they happen.