Tag Archives: turla

Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

Recently, Telsy observed some artifacts related to an attack that occurred in June 2020 and is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, which we internally named “NewPass” after one of the parameters used to send exfiltrated data to the command and control. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex malware composed of different components that rely on an encoded file to […]

Following the Turla’s Skipper over the ocean of cyber operations

In the middle of May 2019, new malware variants identified as part of the Turla suite came to light. Turla, also known as Snake or Uroburos, is one of the most advanced threat actors in the cyber operations landscape. The full malicious set retrieved can be linked to a campaign that started in the second half of 2018 and was likely aimed at compromising government entities and high-level diplomatic institutions. The average number of variants found, sometimes in conjunction with low detection rates, as well as the nature of the targeted entities confirm the “APT” nature of the actor and its ability to remain in the shadows for a long time. It has […]

Telsy TRT releases its YARA rule to detect Turla LightNeuron, the Microsoft Exchange backdoor

A recent APT malware infection, known as LightNeuron, uses the basic functions of Microsoft’s Exchange Server to monitor and control outgoing and incoming communications from mail servers. The threat group that uses it usually targets high-level diplomatic and international relations institutions. To assist the security community in fighting and hunting this insidious threat, Telsy TRT has publicly released one of its specific tracking signatures on a dedicated GitHub repo. The signature can be downloaded here.
