Collaborate Disseminate
This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2021
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. Continue reading SolarWinds Hack Potentially Linked to Turla APT
Security researchers on Monday linked the SolarWinds breach to a different set of suspected Russian hacking tools, finding commonalities between that attack and the methods of the Turla group. Moscow-based Kaspersky said the source code for Sunburst, one of the nicknames for the malware that attackers used in the SolarWinds hack, overlapped with the Kazuar backdoor that Turla has deployed in the past. The Turla group is known for stalking embassies and ministries of foreign affairs in Europe and elsewhere for sensitive data. Sources have told reporters that the Russian hacking group APT29, or Cozy Bear, is responsible for the SolarWinds attack. Cozy Bear is most often linked to the SVR, the Russian foreign intelligence service. Turla, by contrast, is usually affiliated with another Russian intelligence service, the FSB. U.S. government investigators have only said the attack is “likely Russian in origin.” Cyber threat intelligence firms have been cautious about […]
The post Kaspersky discovers overlap between SolarWinds hack, Turla appeared first on CyberScoop.
Continue reading Kaspersky discovers overlap between SolarWinds hack, Turla
While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years. Continue reading Sunburst backdoor – code overlaps with Kazuar
In a recent cyberattack against an E.U. country’s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents. Continue reading Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks
There’s little that Russian hackers hate more than being seen as soft. So when U.S. military hackers saw a way to publicly portray them as bumbling and unthreatening in recent weeks, they seized the moment. It all began when Cyber Command, the U.S. Department of Defense’s offensive cyber arm, started working with a graphics company to illustrate foreign government hackers. The military realized it could punch up the reports it releases on foreign hacking operations by adding illustrations, and try to embarrass or infuriate the foreign hacking shops along the way, one U.S. official told CyberScoop. In one case, when Cyber Command started making plans to expose some state-sponsored espionage operations tied to Russia’s Federal Security Service (FSB), the country’s KGB successor, they turned to the graphics company to develop images that would goad the Russians, the official said. “Russia hates to be seen as cuddly or cozy so we want to tick them off,” said the official, who was not authorized […]
The post How the Pentagon is trolling Russian, Chinese hackers with cartoons appeared first on CyberScoop.
Continue reading How the Pentagon is trolling Russian, Chinese hackers with cartoons
Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government. Continue reading Russian Espionage Group Updates Custom Malware Suite
Turla, a group of suspected Russian hackers known for pinpoint espionage operations, have used updated tools to breach the computer network of an unnamed European government organization, according to new research. The research from consulting giant Accenture shows how, despite a large body of public data on Turla techniques, and a warning from Estonian authorities linking the hackers with Russia’s FSB intelligence agency, the group remains adept at infiltrating European government networks. The hacking tools are tailored to the victim organization, which Accenture did not name, and have been used over the last few months to burrow into the internal network and then ping an external server controlled by the attackers. The stealth is typical of Turla, which is known for stalking embassies and foreign affairs ministries in Europe and elsewhere for sensitive data. Turla’s tools are associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and an attack on […]
The post Why, and how, Turla spies keep returning to European government networks appeared first on CyberScoop.
Continue reading Why, and how, Turla spies keep returning to European government networks
This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020. Continue reading APT trends report Q2 2020
A “very rare” malware has been used by an unknown threat actor in cyberattacks against two different Russian organizations in 2017. Continue reading AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit