Russia hacker group hijacks USB attacks by other criminals

Turla, a known Russian threat actor allegedly tied to the Kremlin, was observed recycling a decade-old and defunct malware to gain access to endpoints in Ukraine and spy on its targets.

A report by the cybersecurity firm Mandiant found that in mid-2022 Turla was re-registering expired domains of Andromeda, a common banking trojan that was widely distributed almost a decade earlier, in 2013.

By doing so, the group would take over the malware’s command & control (C2) servers, gaining access to the once-infected endpoints and their sensitive information.
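The defensive side of the takeover described above, as an added example that is not from the article or from Mandiant: given a list of a dead botnet's historical C2 domains and their current WHOIS creation dates, flag the names that lapsed and were registered again, then find hosts in resolver logs that are still beaconing to them. All domain names, dates and log lines are constructed placeholders.

```python
import re
from datetime import date

# Constructed placeholder data (not real indicators): historical C2 domains of
# a botnet whose campaign ended in 2013, and WHOIS-style creation dates as
# observed now. A creation date after the campaign ended means the original
# registration lapsed and someone registered the name again.
CAMPAIGN_ENDED = date(2013, 12, 31)
LEGACY_C2_DOMAINS = {"old-botnet-a.example", "old-botnet-b.example", "old-botnet-c.example"}
WHOIS_CREATED = {
    "old-botnet-a.example": date(2022, 6, 14),  # re-registered in mid-2022
    "old-botnet-b.example": date(2012, 3, 2),   # original registration still on record
    "old-botnet-c.example": date(2022, 8, 3),   # re-registered in mid-2022
}

# Constructed resolver log lines in the form "<timestamp> <client> <qname>".
DNS_LOG = """\
2022-09-01T08:12:03Z ws-0412 old-botnet-a.example
2022-09-01T08:12:09Z ws-0412 updates.vendor.example
2022-09-01T09:40:51Z ws-0777 old-botnet-b.example
2022-09-01T11:02:17Z ws-0915 old-botnet-c.example
2022-09-01T11:02:18Z ws-0412 old-botnet-a.example
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def revived_domains(legacy, whois_created, campaign_ended):
    """Legacy C2 names whose current creation date postdates the campaign."""
    return {d for d in legacy
            if d in whois_created and whois_created[d] > campaign_ended}

def beaconing_hosts(log_text, revived):
    """Map each client still resolving a revived legacy C2 domain to the
    domains it queried; these hosts carry a dormant infection."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _ts, client, qname = m.groups()
        if qname.lower().rstrip(".") in revived:
            hits.setdefault(client, set()).add(qname.lower())
    return hits

if __name__ == "__main__":
    revived = revived_domains(LEGACY_C2_DOMAINS, WHOIS_CREATED, CAMPAIGN_ENDED)
    for client, domains in sorted(beaconing_hosts(DNS_LOG, revived).items()):
        print(f"{client}: still beaconing to revived C2 {sorted(domains)}")
```

A host that still resolves a revived name is worth isolating and cleaning even if the original malware family is long dead, since whoever now owns the domain can command it.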

Hiding in plain sight

One of the advantages of this novel approach, the researchers claim, is the ability to stay hidden from cybersecurity researchers. 

“Because the malware already proliferated through USB, Turla can leverage that without exposing themselves. Rather than use their own USB tools like agent.btz, they can sit on someone else’s,” says John Hultquist, lead intelligence analyst at Mandiant. “They’re piggybacking on other people’s operations. It’s a really clever way of doing business.”

But what raised the alarms with Mandiant is the fact that Andromeda deployed two additional pieces of malware - a reconnaissance tool named Kopiluwak, and a backdoor named Quietcanary. It was the former that gave it away, as it’s a tool that was used by Turla in the past, as well.

In total, three expired domains were observed to have been re-registered last year, connecting to “hundreds” of Andromeda infections, all giving Turla access to sensitive data. “By doing this you can basically lay under the radar much better. You’re not spamming a bunch of people, you’re letting someone else spam a bunch of people,” says Hultquist. “Then you started picking and choosing which targets are worth your time and your exposure.”

Turla used this novel approach to target endpoints in Ukraine, the researchers said, adding that, so far, this is the only country being attacked. 

Via: Wired



from TechRadar - All the latest technology news https://ift.tt/0EwXLUi
via IFTTT
