Russian Turla Hackers Specialise In Attacking Government Agencies

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware, which is used by the Russian Turla  hacking group, while the other two are samples for the Zebrocy malware, which is used by the APT28 hacking group.

Now the Turla has hacked into the systems of a European government organisation according to a report form  Accenture Cyber Threat Intelligence (ACTI).

The state-sponsored Turla group, also known as  Venomous Bear, are known for using unorthodox methods to perform cyber-espionage goals. They are believed to be the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, the Finnish Foreign Ministry, and various other European Ministries of Foreign Affairs this year. They are famous for using unorthodox methods to perform cyber-espionage goals.

Turla continues to target government organisations using custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while evading their victim’s defenses.  

The recent attack perfectly lines up with the type of Turla information theft and espionage motivation and its persistent targeting of government-related entities from a wide range of countries.

To compromise the organisation's network, the attackers used a combination of recently updated remote administration Trojans (RATs) and remote procedure call (RPC)-based backdoors including HyperStack, analysed by ACTI between June and October 2020. "Notably, Accenture researchers recently identified novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network," ACTI researchers said.

Over the course of  their espionage campaigns to date, Turla has compromised thousands of systems belonging to governments, embassies, as well as education and research facilities from over 100 countries.

Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.Turla has compromised over thousands of systems belonging to governments, embassies, education and research facilities from over 100 countries in their espionage campaigns.

Accenture said that Turla might continue to use its legacy tools with upgrades, to compromise and maintain long-term access to its victims as these tools are successful against Windows-based networks. ACTI recommends the government entities to check network logs to look for any indicators of compromise included at the end of the report and to build detections capable of blocking Turla attacks in future.

Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long term access to its victims because these tools have proven successful against windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor.

NCSC:    Accenture:     Bleeping Computer:      Data Breaches:     CyberSafe:      BankInfoSecurity:    ZDNet:   RootDaemon

You Might Also Read: 

Russian Spies Attacked Olympic Games With Malware:

 

« The Five Best Ways To Secure Your Cloud Environment
The Market For Remote Desktop Software Is Set To Boom »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Mitol PerfectBackup

Mitol PerfectBackup

Mitol PerfectBackup provide Enterprise Online Backup, Disaster Recovery and Cloud Computing Services.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

Yellow Brand Protection

Yellow Brand Protection

Yellow Brand Protection operates 24/7 to protect brands' Intellectual Property (IP) from infringements on all kinds of online distribution channels.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

CyberSG TIG Centre

CyberSG TIG Centre

CyberSG TIG Centre aims to propel Singapore as the world’s premier cybersecurity innovation hub for economic growth.