The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new phishing technique. The threat actor is distributing emails whose payloads, malicious pdf files, install a stealthy backdoor.
The backdoor is a standalone dynamic link library that’s able to install itself and interact with Outlook and other email clients. It exfiltrates data through an email exchange, which means that it evades detection by many commonly used data loss prevention products. The data are enclosed in a pdf container, which also looks unproblematic to many security solutions.
As the ESET researchers who’ve tracked this latest evolution of Turla note, there’s no command-and-control server that can be taken down, the data exfiltration can look entirely legitimate, and the ways in which the campaign modifies standard functions make it a stealthy and tough-to-eradicate infection.
Organizations should step their employees through new-school security awareness training that explains that the pdfs they receive may not be what they seem. Dark Reading has the story: https://www.darkreading.com/attacks-breaches/turla-threat-group-uses-email-pdf-attachments-to-control-stealthy-backdoor/d/d-id/1332645