Turla group hits hard on Ex-Soviet embassies from Eastern Europe

Turla group hits hard on Ex-Soviet embassies from Eastern Europe

State-sponsored hacking group Turla had been involved in an attack on ex-soviet states embassies and consulates from Eastern Europe. Turla group is well known for its attacks on governmental organizations typically using altered legitimate software like Flash Player downloads.
The method of altering original Flash Player Installer had been discovered by our cybersecurity team back in the summer of 2016. This approach represents a very talented way of deceiving the user that he is installing a genuine software în order to infect its device.

The cybercriminals managed to hide their method of deployment so well that the actual process wasn't found at this time. Although our skilled researchers narrowed the possibilities to 4: MITMA, trough compromised gateway of the embassies and organizations targeted, intercepting the traffic through IPS providers, or using Border Gateway Protocol (BGP) which is lightly possible because it would have triggered many alarms.

The same group is well known that is obfuscating its traffic very well to remain as silent as possible. Even using web apps located on Google Apps Script that acting like a C&C server, or dropping many malware and backdoors like Mosquito into already infected computers with the altered genuine software.

Because of use of this Mosquito and other malware found on infected computers like ComRAT or Gazer our cybersecurity team managed to link this attack to previous attacks made by the same group. Whoever is backing this group up shows a high interest in keeping the backdoors open in compromised embassies to have a constant flow of sensitive pieces of information coming.

Our top security analyst says: "Many security breaches like this could be avoided simply if users learn to follow simple security rules.
Always back up their data, keep their OSs and apps up to date, never open any files received from unknown sources, regularly have the best antivirus software installed in devices connected to the internet."
CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte