Russian Turla Hackers Specialise In Attacking Government Agencies

Uploaded on 2020-11-11 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware, which is used by the Russian Turla  hacking group, while the other two are samples for the Zebrocy malware, which is used by the APT28 hacking group.

Now the Turla has hacked into the systems of a European government organisation according to a report form  Accenture Cyber Threat Intelligence (ACTI).

The state-sponsored Turla group, also known as  Venomous Bear, are known for using unorthodox methods to perform cyber-espionage goals. They are believed to be the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, the Finnish Foreign Ministry, and various other European Ministries of Foreign Affairs this year. They are famous for using unorthodox methods to perform cyber-espionage goals.

Turla continues to target government organisations using custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while evading their victim’s defenses.  

The recent attack perfectly lines up with the type of Turla information theft and espionage motivation and its persistent targeting of government-related entities from a wide range of countries.

To compromise the organisation's network, the attackers used a combination of recently updated remote administration Trojans (RATs) and remote procedure call (RPC)-based backdoors including HyperStack, analysed by ACTI between June and October 2020. "Notably, Accenture researchers recently identified novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network," ACTI researchers said.

Over the course of  their espionage campaigns to date, Turla has compromised thousands of systems belonging to governments, embassies, as well as education and research facilities from over 100 countries.

Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.Turla has compromised over thousands of systems belonging to governments, embassies, education and research facilities from over 100 countries in their espionage campaigns.

Accenture said that Turla might continue to use its legacy tools with upgrades, to compromise and maintain long-term access to its victims as these tools are successful against Windows-based networks. ACTI recommends the government entities to check network logs to look for any indicators of compromise included at the end of the report and to build detections capable of blocking Turla attacks in future.

Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long term access to its victims because these tools have proven successful against windows-based networks. Government entities, in particular, should check network logs for indicators of compromise and build detections aimed at thwarting this threat actor.

NCSC:    Accenture:     Bleeping Computer:      Data Breaches:     CyberSafe:      BankInfoSecurity:    ZDNet:   RootDaemon

You Might Also Read: 

Russian Spies Attacked Olympic Games With Malware:

 

« The Five Best Ways To Secure Your Cloud Environment
The Market For Remote Desktop Software Is Set To Boom »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.