Novel backdoor leveraged in Turla attacks

Attacks with the novel TinyTurla-NG backdoor have been deployed by Russian state-backed threat operation Turla, also known as Secret Blizzard, Pensive Ursa, Iron Hunter, and Venomous Bear, against several non-governmental organizations across Poland between December and late January, according to The Hacker News. Aside from leveraging hacked WordPress sites to facilitate command retrieval and execution through Command Prompt or PowerShell, TinyTurla-NG also enables the distribution of TurlaPower-NG PowerShell scripts, a report from Cisco Talos revealed.

Source: SC Magazine

 


Date:

Categorie(s):

Tag(s):