Tag Archives: turla

Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

Recently Telsy observed some artifacts related to an attack that occurred in June 2020 and that is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, which we internally named “NewPass” after one of the parameters used to send exfiltrated data to the command and control. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex malware composed of different components that rely on an encoded file to […]

Turla Skipper over the ocean of cyber operations


In the middle of May 2019, new malware variants identified as part of the Turla suite came to light. Turla, also known as Snake or Uroburos, is one of the most advanced threat actors in the cyber operations landscape. The full malicious set retrieved can be linked to a campaign that started in the second half of 2018 and was likely aimed at compromising government entities and high-level diplomatic institutions. The average number of variants found, sometimes in conjunction with low detection rates, as well as the nature of the targeted entities, confirm the “APT” nature of the actor and its ability to remain in the shadows for a long time. It has […]

LightNeuron: Telsy TRT releases its YARA rule to detect this Microsoft Exchange backdoor


A recent APT malware infection, known as LightNeuron, uses the basic functions of Microsoft’s Exchange Server to monitor and control outgoing and incoming communications from mail servers. The threat group that uses it usually targets high-level diplomatic and international relations institutions. In order to assist the security community in fighting and hunting this insidious threat, Telsy TRT has publicly released one of its specific tracking signatures on a dedicated GitHub repo.

LightNeuron YARA rule signature

rule Turla_LNTA_v1 {
    meta:
        description = "Detect Turla LightNeuron Transport Agent"
        author = "Emanuele De Lucia – Telsy SpA – thanks to @TS_WAY_SRL for cooperation"
        tlp = "white"
    strings:
        $x1 = "networkservice\\appdata\\local\\temp\\tmp1197.tmp" fullword wide
        $x2 = "networkservice\\appdata\\local\\temp\\tmp8621.tmp" fullword wide
        $s1 = "BPA.Transport.dll" […]
