Russian Associated Threat Actor Turla Infects European NGO Systems
Key Points
- Turla, a Russia-linked threat actor, has infected several systems belonging to an unidentified European non-governmental organization (NGO).
- The attackers used a backdoor code-named TinyTurla-NG to establish themselves in the system.
- The attackers' preliminary post-compromise actions included compromising the first endpoint, establishing persistence, and adding exceptions to the antivirus products active on these endpoints.
Details of the Attack
Researchers at Cisco revealed that Turla, a Russia-based threat actor with a history of substantial attacks, has once again been active. This time, it targeted an unnamed European non-governmental organization (NGO). Turla, notorious for its complex and highly sophisticated attacks, used a backdoor named ‘TinyTurla-NG’ to infect a number of systems. The attackers’ initial post-compromise actions involved breaching the first endpoint, establishing persistence, and adding exclusions to the antivirus programs running on these endpoints.
Post-Infection Strategies Revealed
These steps not only allowed uninterrupted, persistent access to the compromised systems but also show a degree of sophistication and awareness of modern cybersecurity measures. The attackers foresaw the hurdles they might face and acted accordingly by disabling potential defenses on the affected systems, thereby gaining considerable control over them.
Conclusion/Hot Take
This attack illustrates a recurring theme in cybersecurity: the constant battle between offense and defense. Threat actors like Turla continue to adapt and innovate, demonstrating the growing complexity and sophistication of cyber attacks. It underlines the importance of robust security measures and defenses, as well as the need for continuous adaptation and improvement. Security procedures must be constantly scrutinized, tested, and updated to stay one step ahead of a constantly shifting threat landscape.
Original Article: https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html