Turla Hackers Deliver Andomeda Malware 

Uploaded on 2023-01-30 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Russian state-sponsored hacking group known as Turla has been identified as using Andromeda malware to attack Ukrainian organisations. Mandiant has detailed the attack in a recent report, stating that the attack was conducted in September 2022.  

The malware is typically deployed by hackers using an infected USB drive and is frequently used for malware delivery and credential theft.

Turla has been active since at least 2006 and is also referred to as Venomous Bear, Krypton, Snake, Wauchos or Gamarue, Andromeda has been active since at least September 2011, capturing infected machines into a botnet.

“USB spreading malware continues to be a useful vector to gain initial access into organisations. In this incident, a USB infected with several strains of older malware was inserted at a Ukrainian organisation in December 2021... When the system's user double clicked a malicious link file (LNK) disguised as a folder within the USB drive, a legacy Andromeda sample was automatically installed and began to beacon out,” says the Mandiant report.

The Turla hacking group has also deployed the ComRAT malware in the past but has since added more tactics and techniques and their sue of the Andromeda malware that first emerged in 2011.

Mandiant said that it was analysing an operation suspected to be the work of Turla when it identified expired Andromeda command and control domains leveraged by the group for victim profiling purposes.  Although the attack occurred last autumn, it is likely that the legacy Andromeda sample was delivered in December 2021 via an infected USB drive.

Mandiant:      Axios:     Oodaloop:    Security Week:       Wired:     Hacker News:     

You Might Also Read: 

Russian Government Hacking Groups Often Work Alone:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ukraine Claims Russian Cyber Attacks Are War Crimes
US Strategy Will Allow Hacking Criminal & Foreign Networks  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Akin Gump Strauss Hauer & Feld

Akin Gump Strauss Hauer & Feld

Akin is a leading global law firm providing innovative legal services and business solutions to individuals and institutions. Practice areas include Cybersecurity, Privacy and Data Protection.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Wooxo

Wooxo

Wooxo provides business security and continuity solutions to protect business data for organisation of all sizes.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

Defence Logic

Defence Logic

Defence Logic is a cyber security company serving clients in many business sectors. Our consultancy services include Penetration Testing, Security Reviews and Monitoring.