New Malicious PDFs Carry Stealthy Backdoor And Exfiltrate Data Via Email

The Turla threat group, certainly Russian-speaking and widely attributed to Russian intelligence services, is back with a new phishing technique. The threat actor is distributing emails whose payloads, malicious PDF files, install a stealthy backdoor.

The backdoor is a standalone dynamic link library that’s able to install itself and interact with Outlook and other email clients. It exfiltrates data through an email exchange, which means that it evades detection by many commonly used data loss prevention products. The data are enclosed in a PDF container, which also looks unproblematic to many security solutions.

As the ESET researchers who’ve tracked this latest evolution of Turla note, there’s no command-and-control server that can be taken down, the data exfiltration can look entirely legitimate, and the ways in which the backdoor modifies standard functions make it a stealthy and tough-to-eradicate infection.

Organizations should step their users through new-school security awareness training, which explains that the PDFs they’re receiving may not be what they seem. Dark Reading has the story: https://www.darkreading.com/attacks-breaches/turla-threat-group-uses-email-pdf-attachments-to-control-stealthy-backdoor/d/d-id/1332645
