Russian Turla hackers attack defense forces


Specialists of the Governmental Computer Emergency Response Team of Ukraine (CERT-UA), founded in 2022, under the identifier UAC-0024, are monitoring activity involving targeted cyberattacks against the defense forces for the purpose of espionage using the CAPIBAR malware (Microsoft: DeliveryCheck, Mandiant: GAMEDAY).

Under certain circumstances, the sophisticated multifunctional KAZUAR backdoor can be loaded onto the affected computers. Its functions include stealing various authentication data and the databases and configuration files of various programs, obtaining data from operating system logs, etc.

With a sufficient level of certainty, this activity is associated with the Turla group (UAC-0003, KRYPTON, Secret Blizzard), whose activities are directed by the Russian Federal Security Service.

Samples of malware have been handed over to security vendors.

CERT-UA experts also express their gratitude to the Microsoft Threat Intelligence team for their assistance in combating cyber threats throughout the country.
