Russian Threat Actor Turla Strikes European NGO with TinyTurla-NG: A Cybersecurity Analysis

Russia-Associated Threat Actor Turla Infects European NGO Systems

Key Points

  • Turla, a Russia-linked threat actor, has infected several systems belonging to an unidentified European non-governmental organization (NGO).
  • The attackers used a backdoor code-named TinyTurla-NG to establish themselves in the system.
  • The attackers took preliminary post-compromise actions, including compromising the first endpoint, establishing persistence, and adding exceptions to antivirus products active on these endpoints.

Details of the Attack

Researchers at Cisco revealed that Turla, a Russia-based threat actor with a history of substantial attacks, has once again been active. This time, the group targeted an unnamed European non-governmental organization (NGO). Turla, notorious for its complex and highly sophisticated attacks, used a backdoor named ‘TinyTurla-NG’ to infect a number of systems. The attackers’ initial post-compromise actions involved compromising the first endpoint, establishing persistence, and adding exclusions to antivirus programs running on these endpoints.

Post-Infection Strategies Revealed

These steps not only allowed uninterrupted, persistent access to the compromised systems but also show a degree of sophistication and awareness of modern cybersecurity measures. The attackers foresaw the hurdles they might face and acted accordingly, weakening the defenses of the affected systems through the antivirus exclusions and thereby gaining considerable control over them.

Conclusion/Hot Take

This attack shows a consistent theme in cybersecurity: the constant battle between offense and defense. Threat actors like Turla continue to adapt and innovate, demonstrating the growing complexity and sophistication of cyber attacks. It underlines the importance of robust security measures and defenses, as well as the need for continuous adaptation and improvement. Security procedures must be constantly scrutinized, tested, and updated to stay one step ahead of a constantly shifting threat landscape.


Original Article: https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html
