Russian Turla Hackers Specialise In Attacking Government Agencies

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware, which is used by the Russian Turla hacking group, while the other two are samples for the Zebrocy malware, which is used by the APT28 hacking group.

Now Turla has hacked into the systems of a European government organisation, according to a report from Accenture Cyber Threat Intelligence (ACTI).

The state-sponsored Turla group, also known as Venomous Bear, is known for using unorthodox methods to achieve its cyber-espionage goals. It is believed to be the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, the Finnish Foreign Ministry, and various other European Ministries of Foreign Affairs this year.

Turla continues to target government organisations using custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while evading their victims' defenses.

The recent attack is consistent with Turla's information-theft and espionage motivations and its persistent targeting of government-related entities from a wide range of countries.

To compromise the organisation's network, the attackers used a combination of recently updated remote administration Trojans (RATs) and remote procedure call (RPC)-based backdoors including HyperStack, analysed by ACTI between June and October 2020. "Notably, Accenture researchers recently identified novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network," ACTI researchers said.

Over the course of their espionage campaigns to date, Turla has compromised thousands of systems belonging to governments, embassies, as well as education and research facilities from over 100 countries.

Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.

Accenture said that Turla might continue to use its legacy tools, with upgrades, to compromise and maintain long-term access to its victims, as these tools are successful against Windows-based networks. ACTI recommends that government entities check network logs for any indicators of compromise included at the end of the report and build detections capable of blocking Turla attacks in future.

Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long-term access to its victims because these tools have proven successful against Windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor.

Sources: NCSC, Accenture, Bleeping Computer, Data Breaches, CyberSafe, BankInfoSecurity, ZDNet, RootDaemon
