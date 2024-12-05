Threat Intelligence, Malware, Network Security

Turla targets Pakistani APT infrastructure for espionage

Indian and Afghan organizations have been targeted by the Russian state-backed advanced persistent threat group Turla, also tracked as Pensive Ursa, Secret Blizzard, and Iron Hunter, which has infiltrated the command-and-control servers of the Pakistani hacking group Storm-0156 since late 2022, according to The Hacker News.

After achieving initial access to a Storm-0156 C2 server in December 2022, Turla sought to take over more of the Pakistani threat operation's C2s to compromise Afghan government organizations' networks with the TwoDash downloader and Statuezy trojan, a report from Lumen Technologies' Black Lotus Labs showed. A separate report from Microsoft revealed that Turla had leveraged the C2 servers to appropriate Storm-0156's previous Crimson RAT infections to facilitate the execution of the TwoDash and MiniPocket downloaders. "Taking advantage of the campaigns of others allows Secret Blizzard to establish footholds on networks of interest with relatively minimal effort. However, because these initial footholds are established on another threat actor's targets of interest, the information obtained through this technique may not align entirely with Secret Blizzard's collection priorities," said Microsoft.
