Russian Turla Leveraged Other Hackers’ USB-Delivered Malware

 

Russian state-sponsored cyber threat actor Turla victimized a Ukrainian organization in a recent attack. The hackers leveraged legacy Andromeda malware that was executed by other hackers via an infected USB drive, Mandiant reports. 
Turla has been active since at least 2006, but the group came to light in 2008 as the group behind agent.btz, a venomous piece of malware that spread through US Department of Defense systems, gaining widespread access via infected USB drives plugged in by a Pentagon employee who was unaware of the danger.
The group has also historically been associated with the use of the ComRAT malware. After 15 years, the group is again in the spotlight. This time, however, it is trying a new trick: hijacking the USB infections of other malicious actors and piggybacking on them to spy on targets.
Legacy Andromeda malware, also known as Wauchos or Gamarue and active since at least September 2011, is a modular trojan that uses anti-virtual machine techniques to check whether it is being executed or debugged in a virtual environment.
In the Turla-suspected operation tracked as UNC4210, at least three expired Andromeda command and control (C&C) domains were used for victim profiling, Mandiant discovered. 

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents