HackRead: MoustachedBouncer Hackers Caught Spying on Embassies https://www.hackread.com/moustachedbouncer-hackers-spying-on-embassies/ #MoustachedBouncer #CyberAttacks #StrongPity #Security #Belarus #Malware #Russia #Spying #Turla
Turla hackers use Microsoft Exchange servers as command-and-control servers
#Researchers have warned of new attacks by the #hacker group #Turla (also known as Secret Blizzard, KRYPTON or UAC-0003) targeting the Ukrainian and Eastern European #defence #sector and #Microsoft #Exchange servers.
Share this post if you found the news interesting.
#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity
CERT-UA (Ukraine) and #Microsoft outline a current attack scenario against the #defence sector in #Ukraine and Eastern Europe by the Russian state #APT group #Turla.
Target: #Exchange.
Emails with #XLSM attachments; the embedded macros run a #PowerShell command and create a scheduled task that poses as a Firefox browser updater. The malware that gets loaded turns the server into a #C2Server for the #hackers.
#Cybersecurity #Russia #Turla #Hacking: "In fact, Turla has arguably been operating for at least 25 years, says Thomas Rid, a professor of strategic studies and cybersecurity historian at Johns Hopkins University. He points to evidence that it was Turla—or at least a kind of proto-Turla that would become the group we know today—that carried out the first-ever cyberspying operation by an intelligence agency targeting the US, a multiyear hacking campaign known as Moonlight Maze.
Given that history, the group will absolutely be back, says Rid, even after the FBI's latest disruption of its toolkit. “Turla is really the quintessential APT,” says Rid, using the abbreviation for “advanced persistent threat,” a term the cybersecurity industry uses for elite state-sponsored hacking groups. “Its tooling is very sophisticated, it’s stealthy, and it’s persistent. A quarter-century speaks for itself. Really, it’s adversary number one.”"
https://www.wired.com/story/turla-history-russia-fsb-hackers/
"The #malware was difficult to remove from infected computer systems and the covert peer-to-peer network sliced and encrypted stolen data while stealthily routing it through numerous relay nodes scattered around the world back to #Turla operators in #Russia in a way that was hard to detect" https://www.nytimes.com/2023/05/09/us/politics/fbi-russia-malware.html?unlocked_article_code=GiJdZNFT7_PeTRHMk6B6Mqn0jGyHaoOqO6i0xvEMkBOXuK7s8mw2C-XPOZhnBzZ7UQ2Z9MRyuAqc4nh-rl2P0VRu7i7SqDFtHALZXFzJiAtUrL3pQH9UinoxZBmCcELO3Ir5dEgt5ifuMvXmFcQnS0ylBu5nWK97yiuAkWwcWancQr7euHLZQcc5CMEFF4m64DjzkyfEVrs0ixDySUbaidPbTYrpqsGQq-2bpap5m-vXk4i5enLeD4ldwF6g_xdVVBvyxCtL9vlEgMAvNUSLJoOSaroHr8Jjz9rdkpgpt9iNNHjNzxd9Jx-hXVzJpqC2JtCazvhye_nSmGC2LMwmcfI&smid=url-share #Security #InfoSec
But it seems not to be Turla:
> […] Turla and Tomiris are separate actors. Tomiris is undoubtedly Russian-speaking, but its targeting and tradecrafts are significantly at odds with what we have observed for Turla. In addition, Tomiris’s general approach to intrusion and limited interest in stealth are significantly at odds with documented Turla tradecraft. […]
In Italy an amnesty, sooner or later, always washes away tax crimes. But is it worth it? https://altreconomia.it/in-italia-un-condono-prima-o-poi-lava-sempre-i-reati-fiscali-ma-ci-conviene/ #evasionefiscale #condonipenali #riciclaggio #Opinioni #evasione #condono #imposte #Irpef #tasse #turla
Analysis: Why Russia's cyber troops have failed in Ukraine
Behind Ukraine's IT defence stands a powerful alliance of US agencies, the big internet companies and specialised defence firms.
#Cyberangriff #Cyberwar #FancyBear #Russland #Turla #UkraineKrieg
«#Turla: A Galaxy of Opportunity» | Mandiant. #Malware #RussianMalware #Ukraine #MalwareAnalysis
Note: Some of the malware-related indicators have vulgar references.
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
“Notorious Russian Spies Piggybacked on Other Hackers’ USB Infections
The infamous, FSB-connected Turla group took over other hackers’ servers, exploiting their USB drive malware for targeted espionage.”
#hackers #fsb #turla #malware #espionage
Notorious #Russian #hacking group #Turla appears to resurface with fresh #cyberattacks on #Ukraine https://bit.ly/3X84q8Y
Notorious Russian Spies Piggybacked on Other Hackers’ USB Infections
The infamous, FSB-connected #Turla cyber-espionage group took over other hackers' servers, exploiting their USB drive malware for targeted #espionage.
Turla became infamous in 2008 as the hackers behind agent.btz, a virulent piece of malware that spread through US Department of Defense systems, via infected USB drives plugged in by unsuspecting Pentagon staffers.
#Russia #FSB #USB #Malware #Mandiant
https://www.wired.com/story/russia-turla-fsb-usb-infection/
Another day, another report of “top tier” nation-states getting away with:
- running “0171ef74.exe” out of a temp directory
- executing local system executables like net.exe, arp.exe, whoami.exe, etc.
- using C2 with RC4 encryption and base64
- using blatantly malicious domain names I won’t write here
- exfiltrating data using tools like rar.exe
🤦♂️😑🤦♂️
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
Nice work, Mandiant. It’s been a while since I looked at Andromeda but I recall it being quite prolific at one point. Old domains don’t mean no risk! https://www.mandiant.com/resources/blog/turla-galaxy-opportunity #turla
Some 'new' #Turla Exchange implants, in terms of uploads to VirusTotal at least - in the past few hours. Both from web browsers with US IPs.
https://www.virustotal.com/gui/search/bbc336abefa3ab6976b4ddde0420b487433536fac45a1506d252344bafc200ff
https://www.virustotal.com/gui/file/23900533ee001af215490827ca648065a455b1ad4759f8a22cb40a4df232d3b6
The Runet is becoming a haven for phishing sites. 18k fake domains have been detected
#GroupIB specialists detected around 18,000 #phishing sites in the #Russian segment of the #Internet in 2022, 15% more than the previous year, concentrated on phishing scams.
In fact, we are talking about the icon represented by the concept of the “#uroboros”, which is also the symbol of the notorious Russian #hacker group #Turla. The symbol depicts a snake biting its own tail.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Anti-Russian denial-of-service app actually infects pro-Ukrainian activists https://www.bitdefender.com/blog/hotforsecurity/anti-russian-denial-of-service-app-actually-infects-pro-ukrainian-activists/ #DenialofService #Guestblog #Android #Malware #ukraine #russia #Turla #DDoS