Recently Telsy observed some artifacts related to an attack that occurred in June 2020 and that is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, which we internally named “NewPass” after one of the parameters used to send exfiltrated data to the command and control. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex malware composed of different components that rely on an encoded file to […]