
According to the Accenture Cyber Threat Intelligence (ACTI) report, Russia-linked APT Turla hacked into the systems of an undisclosed European organisation.

In activity that ACTI researchers analysed between June and October 2020, the attackers used a combination of remote procedure call (RPC)-based backdoors, such as HyperStack, and remote administration trojans (RATs), such as Kazuar and Carbon, to compromise the organisation’s network.

“Notably, Accenture researchers recently observed novel command and control (C&C) configurations for Turla’s Carbon and Kazuar backdoors on the same victim network,” read the report published by Accenture.

“The Kazuar instances differed in configuration between using external C&C nodes off the victim network and internal nodes on the affected network, and the Carbon instance had been updated to include a Pastebin project to receive encrypted tasks alongside its traditional HTTP C&C infrastructure.”

According to BleepingComputer, during its espionage campaigns Turla has compromised thousands of systems belonging to governments, embassies, educational institutes and research facilities from over 100 countries.


ACTI also shared Indicators of Compromise (IoCs) to allow governmental entities to check for evidence of compromise within their network logs and to build detections capable of blocking future Turla attacks.
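A hunting heuristic for the Pastebin tasking channel the report describes for Carbon, as an added example that is not from the ACTI report or this article: it flags hosts in web proxy logs that fetch the same paste repeatedly over many hours. The log format, host names, paste paths and thresholds are constructed assumptions, not ACTI's IoCs.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample proxy log (timestamp, client host, method, URL); not real telemetry.
SAMPLE_LOG = """\
2020-09-01T08:02:11 ws-014 GET https://pastebin.com/raw/EXAMPLE01
2020-09-01T09:15:40 ws-022 GET https://pastebin.com/EXAMPLE02
2020-09-01T10:30:00 ws-031 GET https://pastebin.com/EXAMPLE04
2020-09-01T10:30:45 ws-031 GET https://pastebin.com/EXAMPLE04
2020-09-01T10:31:20 ws-031 GET https://pastebin.com/EXAMPLE04
2020-09-01T12:03:05 ws-014 GET https://pastebin.com/raw/EXAMPLE01
2020-09-01T13:00:00 ws-022 GET https://intranet.example/news
2020-09-01T16:01:50 ws-014 GET https://pastebin.com/raw/EXAMPLE01
malformed line
2020-09-01T20:04:30 ws-014 GET https://pastebin.com/raw/EXAMPLE01
"""

PASTE_HOSTS = {"pastebin.com", "www.pastebin.com"}

def parse(line):
    """Return (time, client, paste path) for paste-site requests, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, _method, url = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    target = urlsplit(url)
    if (target.hostname or "").lower() not in PASTE_HOSTS:
        return None
    return when, client, target.path.rstrip("/") or "/"

def recurring_paste_fetches(log_text, min_hits=3, min_span_hours=6):
    """Flag (client, paste) pairs polled repeatedly over a long time span."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            seen[(rec[1], rec[2])].append(rec[0])
    findings = []
    for (client, path), times in sorted(seen.items()):
        span = (max(times) - min(times)).total_seconds() / 3600
        # A user reading a paste produces a short burst; polling spans hours.
        if len(times) >= min_hits and span >= min_span_hours:
            findings.append((client, path, len(times), round(span, 1)))
    return findings
```

A hit is a lead for triage rather than an indicator of Turla activity; correlate it with the process making the request and with the IoCs ACTI published.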

“Turla will likely continue to use its legacy tools, albeit with upgrades, to compromise and maintain long-term access to its victims because these tools have proven successful against Windows-based networks,” Accenture said.

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting government or military agencies in at least 35 countries.

Turla is known for its ability to hide its activities from security analysts and government investigators.
