-
The new @theintercept article on supply chain attacks has some interesting points. Between them, both MAKERSMARK and PLA seem to have developed BIOS implants as far back as 2013, maybe earlier. MAKERSMARK is another name for the #Turla APT. https://theintercept.com/document/2019/01/24/intellipedia-bios-threats/
-
New @ESET research details how #Turla #APT uses #PowerShell scripts to inject #malware directly into memory in an attempt to evade detection https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
-
A new companion DLL for #Turla #LightNeuron Exchange Transport agent was just uploaded on VT. Compilation timestamp suggests it's a slightly newer sample than those from the @ESET report. https://www.virustotal.com/gui/file/cffac1039659857f410f5069751c6cc1c8aa413daecb27d50d85e29c5636ef63/detection
-
New @ESET Research: We analyzed #LightNeuron, a #Turla malware targeting Microsoft Exchange servers - Abuses the Transport Agent feature - Can read/modify/block any email - Backdoor controlled by email attachments. Full WP: https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf Blogpost: https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/
-
#Turla #Skipper George joins the game here ;) h/t @DrunkBinary https://blog.telsy.com/following-the-turlas-skipper-over-the-ocean-of-cyber-operations/
-
#Turla uses Reductor to mark a host's encrypted TLS traffic by patching the browser, without parsing network packets. The victimology for this new campaign aligns with previous Turla interests. https://securelist.com/compfun-successor-reductor/93633/
-
Kaspersky #APT landscape 2019. Top 10 most relevant threat actors: #lazarus #barium #turla #bluenoroff #zebrocy #lamberts #apt10 #origamielephant #oilrig #honeymyte
-
Ghost in the shell: Investigating web shell attacks - Microsoft Security #ZINC #Lazarus #KRYPTON #Turla #GALLIUM #OperationSoftCell #APT10? #APT27? #APT40? https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/
-
According to the Finnish Intelligence Service (SUPO) 2018 annual report, #Turla is a major threat for Finland. https://www.supo.fi/instancedata/prime_product_julkaisu/intermin/embeds/supowwwstructure/77291_WWW_SUPO_Juhlakirja_70_2019_ENG.pdf
-
Advisory: #Turla group exploits #Iranian #APT to expand coverage of victims https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims The report comes from UK/US intelligence, but actually from this report: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments #APT34 https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments
-
#Turla, a complex cyberattack platform focused almost entirely on diplomatic & governmental targets in the Middle East, is evolving. Recently it was spotted spreading through poisoned anti-internet censorship software. Learn more: https://kas.pr/3tfc
-
#Turla started timidly by deploying #Oilrig tools in computers they had previously owned themselves, then scanned IP addresses looking for Oilrig ASPX shells, and ended up fully compromising Oilrig C2 servers to get victims as well as Oilrig operators' data https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
-
According to #NSA/#GCHQ (#NCSC), cyber actors #Turla Group acquired Iranian tools and infrastructure to conduct attacks on dozens of countries, security officials in the #UK and #US have revealed. #Snake #Uroburos Cc @Snowden https://www.ncsc.gov.uk/news/turla-group-behind-cyber-attack
-
2019-06-23: Possible #Turla #LightNeuron #Malware
"BPA.Transport.DLL"
| "Companion DLL" for Transfer Agent
Export Table:
"forLoading"
"simpleValidate"
"BinaryLogEx"
Logging:
Path: c:\windows\serviceprofiles\networkservice\
MD5: 5924eac8af1f3e3f1f825998bc59c062
-
#turla #waterbug tcpdump32c.exe, 5/70 VT detections. Reads a prt.ocx configuration file just like in the Waterbug report. Used for lateral movement across a victim's network. MD5: f2346530cd715498efc9b80bc827cd97 https://analyze.intezer.com/#/analyses/b20f0b5e-a7cb-4083-a967-73f5bd24a961
-
Art of #maskirovka in action: #Russian #cyberattack unit 'masqueraded' as Iranian hackers, UK says #turpo #Venäjä #turla https://www.ft.com/content/b947b46a-f342-11e9-a79c-bc9acae3b654
-
Virusbay blog is finally up! We begin with decryption of #Whiterose ransomware / by @voidm4p: https://blog.virusbay.io/2019/08/05/how-reverse-engineering-and-cyber-criminals-mistakes-can-help-you-when-youve-been-a-ransomware-victim/ and an additional two-part blog / by @0verfl0w_, who's also one of our Divers, about #Turla KLSL0T! Enjoy!
-
#turla toolkit is actually the work of an #APT called #venomousbear - the group actually deployed Turla using the Iranian C2 Poison Frog, which the Turla group used with their own implants, on the #neuron and #nautilus tools, which are likely Iranian but there is no actual evidence yet #getyourfactsright
-
#Außenministerium #Österreich is being attacked by the espionage group #Turla! Turla attacks exclusively high-profile political targets and is known for engaging defenders in heavy #Cybergefechte after being discovered. https://fm4.orf.at/stories/2997349/