Russian state-backed hacking group Turla, also known as Pensive Ursa, has launched attacks using an updated Kazuar second-stage payload with improved stealth and detection evasion capabilities, according to The Hacker News. Beyond adding sophisticated anti-analysis techniques and more robust obfuscation, Kazuar has been improved to support 19 more features since its emergence in 2017, including features that enable extensive system profiling, credential exfiltration, file manipulation, data gathering, and arbitrary command execution, a report from Palo Alto Networks’ Unit 42 revealed.
Source: SC Magazine