Russian Turla Hackers Specialise In Attacking Government Agencies

Uploaded on 2020-11-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware, which is used by the Russian Turla  hacking group, while the other two are samples for the Zebrocy malware, which is used by the APT28 hacking group.

Now the Turla has hacked into the systems of a European government organisation according to a report form  Accenture Cyber Threat Intelligence (ACTI).

The state-sponsored Turla group, also known as  Venomous Bear, are known for using unorthodox methods to perform cyber-espionage goals. They are believed to be the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, the Finnish Foreign Ministry, and various other European Ministries of Foreign Affairs this year. They are famous for using unorthodox methods to perform cyber-espionage goals.

Turla continues to target government organisations using custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while evading their victim’s defenses.  

The recent attack perfectly lines up with the type of Turla information theft and espionage motivation and its persistent targeting of government-related entities from a wide range of countries.

To compromise the organisation's network, the attackers used a combination of recently updated remote administration Trojans (RATs) and remote procedure call (RPC)-based backdoors including HyperStack, analysed by ACTI between June and October 2020. "Notably, Accenture researchers recently identified novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network," ACTI researchers said.

Over the course of  their espionage campaigns to date, Turla has compromised thousands of systems belonging to governments, embassies, as well as education and research facilities from over 100 countries.

Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.Turla has compromised over thousands of systems belonging to governments, embassies, education and research facilities from over 100 countries in their espionage campaigns.

Accenture said that Turla might continue to use its legacy tools with upgrades, to compromise and maintain long-term access to its victims as these tools are successful against Windows-based networks. ACTI recommends the government entities to check network logs to look for any indicators of compromise included at the end of the report and to build detections capable of blocking Turla attacks in future.

Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long term access to its victims because these tools have proven successful against windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor.

NCSC:    Accenture:     Bleeping Computer:      Data Breaches:     CyberSafe:      BankInfoSecurity:    ZDNet:   RootDaemon

You Might Also Read: 

Russian Spies Attacked Olympic Games With Malware:

 

« The Five Best Ways To Secure Your Cloud Environment
The Market For Remote Desktop Software Is Set To Boom »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Very Good Security (VGS)

Very Good Security (VGS)

VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

CYBRI

CYBRI

CYBRI is a cybersecurity company helping businesses detect and remediate mission-critical vulnerabilities before they get exploited by hackers.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Hexagate

Hexagate

Hexagate is at the forefront of blockchain threat prevention and automated risk management, proactively detecting and mitigating threats to smart contracts and onchain assets.