Looking at Big Threats Using Code Similarity. Part 1

Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience.

‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find

A notorious group of suspected Russian hackers have used a revamped tool to spy on governments in Eastern Europe and quietly steal sensitive documents from their networks, researchers said Tuesday. The discovery shines greater light on the operations of Turla, an elite cyber-espionage group that’s been around well over a decade and is widely believed to be working on behalf of Russia’s FSB intelligence agency. It’s the latest example of Turla’s ability to write code designed to lurk on victim computers for years and extract state secrets. Turla is “still actively developing complex and custom pieces of malware in order to achieve long-term persistence in their target’s network,” said Matthieu Faou, a malware researcher at anti-virus firm ESET, who analyzed the code. The attacks started roughly two years ago, and hit two foreign affairs ministries in Eastern Europe and a national parliament in the Caucasus region bordering Russia, according to […]

The post ‘Turla’ spies have been stealing documents from foreign ministries in Eastern Europe, researchers find appeared first on CyberScoop.


Russian intelligence-backed hackers go after Armenian government websites with new code

Computer code used by hackers tied to Russia’s FSB intelligence agency has haunted governments around the world for years. The hackers’ tools have been associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and used in a cunning hijacking of Iranian infrastructure more than two decades later. Now, malware analysts have surfaced a new piece of code that they say the Russian hacking group, dubbed Turla, is using to spy on government websites in the Eurasian country of Armenia. The Turla operatives set up malicious web infrastructure known as a “watering hole” in an apparent attempt to surveil Armenian government officials last year. “It is likely that the Turla operators already know who they want to target and may even know the ranges of IP addresses they generally use” before carrying out an operation, said Matthieu Faou, malware researcher at ESET, the antivirus firm that discovered the campaign. ESET knows of […]

The post Russian intelligence-backed hackers go after Armenian government websites with new code appeared first on CyberScoop.


IT threat evolution Q3 2019

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

Russian hackers have been mooching off existing OilRig infrastructure

Russian-linked hackers known as the Turla group have been piggybacking on Iranian hackers’ tools and infrastructure for years now to run their own attacks, according to a joint announcement Monday from the National Security Agency and the U.K.’s National Cyber Security Centre. A two-year long investigation revealed that the Turla group, which has been linked to Russian intelligence, scanned for the presence of Iranian-built backdoors, then used them to try gaining a foothold in victim networks in at least 35 countries, largely in the Middle East, according to the NSA. This announcement again demonstrates how hackers will use other attackers’ techniques, creating the false impression that one espionage group is behind an operation when, in fact, it’s another. “Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims,” the NCSC’s Director of Operations, Paul Chichester, said in a statement. Turla would run its own cyber-espionage operations using […]

The post Russian hackers have been mooching off existing OilRig infrastructure appeared first on CyberScoop.
