Friday, May 29, 2020

Turla Hacker Group Continues to Innovate and Stun Security Researchers

Turla, which is widely believed to be a Russian state-sponsored hacker group, is known for using innovative methods to develop and distribute malware for its espionage campaigns. Recently, it was observed using common technologies such as Gmail and HTTP protocol errors to control its malware.


Latest discoveries:

In May 2020, ESET researchers found that the Turla group had deployed an updated version of the ComRAT malware, containing some pretty clever new features.
  • The latest variant of the malware, ComRAT v4 (first seen in 2017), includes two new features: the ability to exfiltrate antivirus logs, and the ability to control the malware through a Gmail web interface in order to bypass some security controls.
  • Turla uses Gmail's web user interface as one of the two command and control channels for the updated malware, the other being a legacy HTTP channel. It can also delete entries from the logs created by antivirus software, to cover its tracks.
  • Turla used ComRAT v4 to steal confidential documents, and took advantage of public cloud services such as 4shared and OneDrive to exfiltrate the stolen data during its attacks against governmental and military institutions in Eastern Europe and the Caucasus.
