In December 2023, the Russia-linked threat actor Turla was seen using a brand-new backdoor called TinyTurla-NG to target Polish non-governmental organizations.
According to a technical report released today by Cisco Talos, "TinyTurla-NG, just like TinyTurla, is a small 'last chance' backdoor that is left behind to be used when all other unauthorized access/backdoor mechanisms have failed or been detected on the infected systems."
The malware takes its name from its resemblance to TinyTurla, another implant the group has used since at least 2020 in intrusions targeting the United States, Germany, and Afghanistan. The cybersecurity firm first reported on TinyTurla in September 2021.
Turla, a Russian state-affiliated threat actor also known as Iron Hunter, Pensive Ursa, Secret Blizzard (previously Krypton), Snake, Uroburos, and Venomous Bear, is associated with the Federal Security Service (FSB).
The threat actor has recently targeted the defense sector in Ukraine and Eastern Europe with a novel .NET-based backdoor called DeliveryCheck and an upgraded version of Kazuar, its standard second-stage implant, which it has used as early as 2017.
The most recent TinyTurla-NG campaign began on December 18, 2023, and reportedly lasted until January 27, 2024. Based on the malware compilation dates, it is possible that the activity actually started in November 2023.
The backdoor uses compromised WordPress-based websites as command-and-control (C2) endpoints to fetch and execute instructions, enabling it to run commands via PowerShell or Command Prompt (cmd.exe) as well as perform file downloads and uploads. How it is distributed to victim environments is currently unknown.
Additionally, TinyTurla-NG serves as a conduit for delivering PowerShell scripts dubbed TurlaPower-NG, which gather key information from the password databases of popular password management software into ZIP archives.
Microsoft and OpenAI have also disclosed that nation-state actors from Russia are exploring generative artificial intelligence (AI) tools like ChatGPT to understand satellite communication protocols and radar imaging technologies, and to seek assistance with scripting tasks.