
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

Feb 15, 2024 | Newsroom | Malware / Cyber Espionage


The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in December 2023.

“TinyTurla-NG, just like TinyTurla, is a small ‘last chance’ backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been detected on the infected systems,” Cisco Talos said in a technical report published today.

TinyTurla-NG is so named for its similarities with TinyTurla, another implant used by the same adversary in intrusions aimed at the U.S., Germany, and Afghanistan since at least 2020. TinyTurla was first documented by the cybersecurity company in September 2021.


Turla, also known by the names Iron Hunter, Pensive Ursa, Secret Blizzard (formerly Krypton), Snake, Uroburos, and Venomous Bear, is a Russian state-affiliated threat actor linked to the Federal Security Service (FSB).

In recent months, the threat actor has singled out the defense sector in Ukraine and Eastern Europe with a novel .NET-based backdoor called DeliveryCheck, while also upgrading its staple second-stage implant, Kazuar, which it has used since as early as 2017.

The latest campaign involving TinyTurla-NG dates back to December 18, 2023, and is said to have been ongoing until January 27, 2024. However, it is suspected that the activity may actually have begun in November 2023, based on the malware compilation dates.

It is currently not known how the backdoor is distributed to victim environments, but it has been found to use compromised WordPress-based websites as command-and-control (C2) endpoints to fetch and execute instructions, enabling it to run commands via PowerShell or Command Prompt (cmd.exe) as well as download and upload files.


TinyTurla-NG also acts as a conduit to deliver PowerShell scripts dubbed TurlaPower-NG that are designed to exfiltrate key material used to secure the password databases of popular password management software, packaged as a ZIP archive.
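The two behaviours described in the preceding paragraphs (a PowerShell or cmd.exe process talking to WordPress-style paths on a compromised site, and the same process staging a ZIP archive) are both visible in ordinary endpoint telemetry. The following is an added detection sketch written for this article, not code from Cisco Talos or from the malware; the event records, hosts, PIDs, URLs and paths are constructed for the example and are not indicators from the report. It correlates process, network and file events by (host, pid) and reports shell processes that show either signal, ranking those that show both highest.

```python
import re

# Constructed sample telemetry (hosts, PIDs, URLs and paths are made up for this
# example; they are not indicators from the Talos report).
EVENTS = [
    {"type": "process", "host": "ws01", "pid": 4120, "parent": "svchost.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe -nop -w hidden -ep bypass"},
    {"type": "network", "host": "ws01", "pid": 4120,
     "url": "http://blog.example.invalid/wp-content/uploads/2023/12/index.php"},
    {"type": "file", "host": "ws01", "pid": 4120,
     "path": r"C:\Users\alice\AppData\Local\Temp\collected.zip"},
    {"type": "process", "host": "ws02", "pid": 880, "parent": "explorer.exe",
     "image": "powershell.exe", "cmdline": "powershell.exe Get-Process"},
    {"type": "network", "host": "ws02", "pid": 880,
     "url": "https://intranet.example.invalid/api/status"},
    {"type": "process", "host": "ws03", "pid": 2210, "parent": "winword.exe",
     "image": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "network", "host": "ws03", "pid": 2210,
     "url": "http://news.example.invalid/wp-includes/js/loader.php"},
    # A ZIP written by a non-shell process: not a shell, so never reported.
    {"type": "file", "host": "ws04", "pid": 990, "path": r"C:\backup\monthly.zip"},
]

# Command interpreters the article names (pwsh.exe added as the cross-platform PowerShell).
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Paths that are characteristic of a WordPress install being used as a drop point.
WORDPRESS_PATH = re.compile(r"/wp-(?:content|includes|admin)/", re.IGNORECASE)


def correlate_shell_activity(events):
    """Return {(host, pid): finding} for shell processes that reached a
    WordPress-style URL and/or wrote a .zip file. Each finding carries the
    image, its parent, and the lists of matching URLs and ZIP paths."""
    shells = {}
    for e in events:  # first pass: index every shell process by (host, pid)
        if e["type"] == "process" and e["image"].lower() in SHELLS:
            shells[(e["host"], e["pid"])] = {
                "image": e["image"], "parent": e["parent"],
                "wordpress_urls": [], "zip_files": [],
            }
    for e in events:  # second pass: attach network/file signals to those shells
        key = (e["host"], e["pid"])
        if key not in shells:
            continue
        if e["type"] == "network" and WORDPRESS_PATH.search(e["url"]):
            shells[key]["wordpress_urls"].append(e["url"])
        elif e["type"] == "file" and e["path"].lower().endswith(".zip"):
            shells[key]["zip_files"].append(e["path"])
    return {k: v for k, v in shells.items() if v["wordpress_urls"] or v["zip_files"]}


def score(finding):
    """Crude severity: a shell showing both signals outranks one showing either alone."""
    return int(bool(finding["wordpress_urls"])) + int(bool(finding["zip_files"]))


if __name__ == "__main__":
    findings = correlate_shell_activity(EVENTS)
    for key, f in sorted(findings.items(), key=lambda kv: -score(kv[1])):
        print(key, f["parent"], "->", f["image"], "score", score(f),
              f["wordpress_urls"], f["zip_files"])
```

The second pass is the point of the exercise: neither a shell contacting a blog nor a shell writing an archive is suspicious on its own (administrators script WordPress maintenance and zip logs all the time), so the two weak signals are kept on the same process record and only their combination, or a suspicious parent such as an Office application, is escalated. In a real deployment the regular expression would be replaced by a list of sites the organisation actually has reason to talk to, and the ZIP check by the specific key-material file names of the password managers in use.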

The disclosure comes as Microsoft and OpenAI revealed that nation-state actors from Russia are exploring generative artificial intelligence (AI) tools, including large language models (LLMs) like ChatGPT, to understand satellite communication protocols and radar imaging technologies, and to seek assistance with scripting tasks.
