A dive into Turla PowerShell usage

ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only. Turla, also known as Snake, is an infamous espionage group recognized for its complex malware. To confound detection, its operators recently started using PowerShell scripts that provide direct, in-memory loading and execution of malware executables and libraries. … More A dive into Turla PowerShell usage

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage

ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software. In July 2018 we discovered that the Plead backdoor was digitally signed by a code-signing certificate that was issued to D-Link Corporation. Recently we detected a new activity involving the same malware … More Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage

Turla LightNeuron: An email too far

ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments. Due to security improvements in operating systems, rootkit usage has been in constant decline for several years. As such, malware developers – especially those working in espionage groups – have been busy developing new stealthy userland malware. Recently, ESET researchers … More Turla LightNeuron: An email too far

Turla: In and out of its unique Outlook backdoor

The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails. ESET researchers have investigated a distinctive backdoor used by the notorious Advanced Persistent Threat (APT) group known as Turla (or Snake, or Uroburos) to siphon … More Turla: In and out of its unique Outlook backdoor

ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash Player installer

ESET researchers have found that Turla, the notorious state-sponsored cyberespionage group, has added a fresh weapon to its arsenal that is being used in new campaigns targeting embassies and consulates in the post-Soviet states. This new tool attempts to dupe victims into installing malware that is ultimately aimed at siphoning off sensitive information from Turla’s … More ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash Player installer

New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group, and specifically a previously undocumented backdoor that has been used to spy on consulates and embassies worldwide. ESET’s research team are the first in the world to document the advanced backdoor malware, which they have named “Gazer”, despite evidence that … More New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

Some of the tactics used in APT attacks die hard. A good example is provided by Turla’s watering hole campaigns. This group, which has been targeting governments, government officials and diplomats for years, is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. In fact, they have been using them … More Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram