The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Turla Malware

Gazer: A New Backdoor Targets Ministries and Embassies Worldwide

Gazer: A New Backdoor Targets Ministries and Embassies Worldwide

August 30, 2017Mohit Kumar
Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats. Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer , and is believed to be carried out by Turla advanced persistent threat (APT) hacking group that's been previously linked to Russian intelligence. Gazer, written in C++, the backdoor delivers via spear phishing emails and hijacks targeted computers in two steps—first, the malware drops Skipper backdoor, which has previously been linked to Turla and then installs Gazer components. In previous cyber espionage campaigns, the Turla hacking group used Carbon and Kazuar backdoors as its second-stage malware, which also has many similarities with Gazer, according to research [ PDF ] published by ESET. Gazer receives encrypted commands from a remote command-and-control server and evades detection by using compromised, legitimate website
Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers

Russian Hackers Hijack Satellite To Steal Data from Thousands of Hacked Computers

September 10, 2015Swati Khandelwal
A group of Russian hackers, most notably the Turla APT (Advanced Persistent Threat) is hijacking commercial satellites to hide command-and-control operations, a security firm said today. Turla APT group, which was named after its notorious software Epic Turla , is abusing satellite-based Internet connections in order to: Siphon sensitive data from government, military, diplomatic, research and educational organisations in the United States and Europe. Hide their command-and-control servers from law enforcement agencies. Despite some of its operations were uncovered last year, Turla APT group has been active for close to a decade, while remaining invisible by cleverly hiding from law enforcement agencies and security firms. Now, security researchers from Moscow-based cyber security firm Kaspersky Lab claim to have identified the way Turla APT group succeeded in hiding itself. The researchers said the group disguised itself by using commercial satellite Internet
Powerful Linux Trojan 'Turla' Infected Large Number of Victims

Powerful Linux Trojan 'Turla' Infected Large Number of Victims

December 09, 2014Mohit Kumar
Security researchers have discovered a highly nasty Linux trojan that has been used by cybercriminals in state sponsored attack in order to steal personal, confidential information from government institutions, military and pharmaceutical companies around the world. A previously unknown piece of a larger puzzle called " Turla ," one of the most complex Advanced Persistent Threats (APTs) uncovered by researchers at Kaspersky Lab in August, remained hidden on some systems for at least four years. The malware was notable for its use of a rootkit that made it extremely hard to detect. The German security company G Data believed that Turla campaign is linked to Russia and has in the past exploited a variety of Windows vulnerabilities, at least two of which were zero-days, to infect government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. Recently, security researchers from Moscow-based Kaspersky Lab
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.