Thursday, March 23, 2023
Russian Free Press

FSB-linked group Turla attacks networks in Ukraine using old viruses from other hackers – Mandiant

January 6, 2023

The FSB-linked cyber-espionage group Turla has learned to attack targets that were previously infected by other hackers, according to cybersecurity company Mandiant.

Mandiant first discovered the new Turla technique in September 2022, when experts noticed a breach in one of the systems in Ukraine. Several computers on the network were infected after someone inserted a USB drive into one of their ports and double-clicked a malicious file on the drive that was disguised as a folder, which installed a piece of malware called Andromeda.

Andromeda is a relatively common banking Trojan that cybercriminals have used to steal victims' credentials since 2013. But on one of the infected devices, Mandiant analysts saw that the Andromeda sample silently downloaded two other, more unusual pieces of malware. The first, a reconnaissance tool called Kopiluwak, was previously used by Turla; the second, a piece of malware known as Quietcanary, compresses and exfiltrates carefully selected data from the target computer, and in the past was also used exclusively by Turla. “That was a wake-up call for us,” says Mandiant threat analyst Gabby Roncone.

This infection technique appears to be designed to allow Turla to remain undetected by hiding behind other hackers. This shows that the methods of the Russian group have changed and become much more sophisticated over the past decade and a half, says John Hultquist, head of intelligence analysis at Mandiant:

“Because the malware was already distributed via USB, Turla can exploit this without revealing itself. Instead of using their own USB tools like agent.btz, they can use someone else's. They use other people's operations. It's a really smart way to do business.”
