Turla APT Group Employs New TinyTurla Backdoor in Attacks Against Countries Around the World
TinyTurla Backdoor Has Been Recently Used in Cyberattacks Involving the U.S., Germany, and Afghanistan.
Last updated on September 22, 2021
Yesterday, cybersecurity researchers stated that the Russian Advanced Persistent Threat (APT) actor Turla has been developing and employing a new backdoor used to infect systems in Afghanistan, Germany, and the U.S.
Who Is Turla?
The Turla APT group, also known in the information security field as Snake, Venomous Bear, Uroburos, or WhiteBear, is an advanced threat actor that has been active since at least 2004.
The infamous group has a long list of high-profile victims from all over the world in its portfolio. The APT attacked various European government entities and organizations in the U.S., Ukraine, and Arabic countries.
The New Backdoor Used to Target Entities Around the World
Based on forensic evidence, the security researchers determined that TinyTurla was used to attack the previous government of Afghanistan.
Cisco Talos’ telemetry indicates that the backdoor was also used to target networks in the U.S. and Germany; the specialists stated that they have seen infections in these countries.
Linking the TinyTurla malware to the Russia-based cybercriminals was possible because the hackers employed the same infrastructure observed in other cyberattacks the Turla APT threat actor conducted in the past.
One public reason why we attributed this backdoor to Turla is the fact that they used the same infrastructure as they used for other attacks that have been clearly attributed to their Penguin Turla infrastructure.
It doesn’t look like the Turla APT group will disappear any time soon, and yes, they are advanced, but they also make mistakes. Organizations must invest in a multi-layered security solution in order to detect these attacks and protect their business from them.