The Russian espionage group Turla became infamous in 2008 as the hackers behind agent.btz, a worm that spread through infected USB drives. Now, 15 years later, the group appears to be trying a new twist on that trick: hijacking the USB-borne infections of other hackers and piggybacking on them.
Turla gained access to victim networks by registering the expired domains of nearly decade-old cybercriminal malware that spread via infected USB drives. As a result, Turla was able to take over the command-and-control servers for that malware, hermit-crab style, and sift through its victims to find ones worthy of espionage targeting.
That hijacking technique appears designed to let Turla stay undetected, hiding inside other hackers’ footprints while combing through a vast collection of compromised networks. It also shows how the Russian group’s methods have evolved and become far more sophisticated over the past decade and a half, says John Hultquist, who leads intelligence analysis at Mandiant. “Because the malware already proliferated through USB, Turla can leverage that without exposing themselves.”
Mandiant’s discovery of Turla’s new technique first came to light in September of last year, when the company’s incident responders found a curious breach of a network in Ukraine, a country that’s become a primary focus of all Kremlin intel services after Russia’s catastrophic invasion last February.
Andromeda is a relatively common banking trojan that cybercriminals have used to steal victims’ credentials since as early as 2013. But on one of the infected machines in that Ukrainian network, Mandiant’s analysts saw that the Andromeda sample had quietly downloaded two other, more interesting pieces of malware.
When Mandiant looked at the command-and-control servers for the Andromeda malware that had started that infection chain, its analysts saw that the domain used to control the Andromeda sample—whose name was a vulgar taunt of the antivirus industry—had actually expired and been reregistered in early 2022. Looking at other Andromeda samples and their command-and-control domains, Mandiant saw that at least two more expired domains had been reregistered.
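The tell-tale sign in that investigation was a C2 domain whose current registration began years after the malware using it was first observed. The check below is an added example, not Mandiant’s tooling or code from the article: it parses WHOIS-style creation dates and flags C2 indicators whose registration postdates the family’s first-seen date by more than a configurable gap. All domain names, dates and WHOIS records are constructed for illustration; in practice you would feed it your own IOC list and a real WHOIS/RDAP lookup.

```python
"""Flag C2 domains whose current registration is much newer than the malware
that beaconed to them, which suggests the original registration lapsed and a
different actor picked the name up. Added example with constructed data."""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Indicator:
    """A C2 domain tied to a malware family and the date the family was first
    seen calling home to it (from sandbox runs, telemetry or threat feeds)."""
    domain: str
    family: str
    first_seen: date


# Constructed WHOIS-style responses (the .invalid TLD is reserved, so these
# can never resolve). Registrars label the creation field differently, so the
# parser below accepts the common spellings.
SAMPLE_WHOIS: Dict[str, str] = {
    # Registered before the family appeared and never lapsed: nothing to flag.
    "c2-stable.invalid": (
        "Domain Name: c2-stable.invalid\n"
        "Creation Date: 2012-06-02T00:00:00Z\n"
        "Registry Expiry Date: 2026-06-02T00:00:00Z\n"
    ),
    # Current registration began in early 2022, although the family has used
    # the name since 2013: the pattern of a re-registered, taken-over C2.
    "c2-taken-over.invalid": (
        "Domain Name: c2-taken-over.invalid\n"
        "Created On: 2022-01-14\n"
        "Registrar: Example Registrar\n"
    ),
    # No parseable creation date (redacted or odd format): report, don't guess.
    "c2-unknown.invalid": "Domain Name: c2-unknown.invalid\nStatus: ok\n",
}

# Constructed indicators: one family, three C2 domains, all first seen in 2013.
INDICATORS: List[Indicator] = [
    Indicator("c2-stable.invalid", "ExampleFamily", date(2013, 3, 9)),
    Indicator("c2-taken-over.invalid", "ExampleFamily", date(2013, 3, 9)),
    Indicator("c2-unknown.invalid", "ExampleFamily", date(2013, 3, 9)),
]

# Longer labels first so "Created On:" is not cut short by "Created".
CREATION_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Registered On|Created)\s*:\s*"
    r"(\d{4})-(\d{2})-(\d{2})",
    re.IGNORECASE | re.MULTILINE,
)


def parse_creation_date(whois_text: str) -> Optional[date]:
    """Return the registration creation date from a WHOIS record, or None."""
    m = CREATION_RE.search(whois_text)
    if not m:
        return None
    year, month, day = (int(g) for g in m.groups())
    return date(year, month, day)


def flag_reregistered(
    indicators: List[Indicator],
    whois_lookup: Callable[[str], Optional[str]],
    min_gap_days: int = 365,
) -> Tuple[List[str], List[str]]:
    """Split indicators into (flagged, undetermined).

    A domain is flagged when its current registration began at least
    `min_gap_days` after the malware was first seen using it. Domains whose
    record yields no creation date go to `undetermined` for manual review.
    """
    flagged: List[str] = []
    undetermined: List[str] = []
    for ind in indicators:
        created = parse_creation_date(whois_lookup(ind.domain) or "")
        if created is None:
            undetermined.append(ind.domain)
        elif created - ind.first_seen >= timedelta(days=min_gap_days):
            flagged.append(ind.domain)
    return flagged, undetermined


if __name__ == "__main__":
    hits, unknown = flag_reregistered(INDICATORS, SAMPLE_WHOIS.get)
    print("possible C2 takeover:", hits)
    print("needs manual review:", unknown)
```

The creation date is the right field to compare because a drop-and-reregister resets it, while a registrar transfer or renewal by the same owner does not. The gap threshold exists to absorb indicators whose first-seen date is itself fuzzy; a hit is a lead for sinkhole or passive-DNS review, not proof of who holds the domain now.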