Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

itman · Aug 9, 2017

And again ......... another legit Windows System32 directory process abused.

Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.

Juan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab’s Global Research and Analysis Team, described some of tactics the researchers have seen in Q2 2017 in a webinar Tuesday morning. The company used the webinar and the quarterly report it was based on to help pull back the veil on threats previously covered by its private intelligence reporting service.

Sofacy, the group implicated by a December DHS report to election hacks, began using two new macro techniques in April. One abused Windows’ certutil utility to extract payloads—the first time the researchers had seen that technique used—another embedded payloads in the EXIF metadata of malicious Office documents.
Click to expand...

https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/

Minimalist · Oct 4, 2018

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, which brings an interesting mix of old code, new code, and new speculations as to where they will strike next and what they will shed.
Click to expand...

https://securelist.com/shedding-skin-turlas-fresh-faces/

Log in or Sign up

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

itman Registered Member

Minimalist Registered Member

Log in or Sign up

Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

itman Registered Member

Minimalist Registered Member

Useful Searches