
Previously unknown backdoor discovered used by APT group for 5 years


ESET researchers have described Crutch, a previously undocumented backdoor that was used between 2015 and 2020 in attacks against specific targets.

According to the researchers, the malware was used by the “advanced” hacker group Turla (also known as Venomous Bear), known for its aggressive attacks on governments, embassies and military organizations using targeted phishing and watering-hole attacks. With Crutch, the attackers stole confidential documents and other files and uploaded them to Dropbox accounts under their control.

In particular, the backdoor implants were secretly installed on several computers belonging to the Ministry of Foreign Affairs of an EU member state.

Crutch is delivered to the target system either through the Skipper package (a first-stage implant previously also linked to Turla) or through the PowerShell Empire post-exploitation agent. The operators used two versions of the backdoor: one before mid-2019 and a second one after. To receive commands and upload stolen files, the first version connected to hard-coded Dropbox accounts through the legitimate Dropbox HTTP API. The second version added a function that uploads files stolen from local and removable drives to Dropbox using the Windows version of the Wget utility rather than the HTTP API client used by the first version.

Crutch is able to bypass certain layers of security by abusing legitimate infrastructure (in this case, Dropbox) to blend in with regular network traffic while stealing documents and receiving commands from its operators.
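Because the traffic goes to a legitimate cloud service, a defender's best hook is the mismatch between the destination and the client: the Dropbox API being driven by Wget or another command-line tool rather than the sanctioned desktop client. The following detection logic is an added example, not code from the article or from ESET; the proxy log lines, the log format, and the allow-listed client user-agent prefix are constructed assumptions, and the Dropbox API hostnames are the service's public endpoints, not indicators from the report.

```python
import re
from dataclasses import dataclass

# Proxy log lines constructed for this example (timestamp, hostname, src IP,
# method, URL, bytes sent, quoted User-Agent). Not taken from the ESET report.
SAMPLE_LOG = """\
2020-11-30T09:14:02Z ws-12 10.0.4.15 POST https://content.dropboxapi.com/2/files/upload 1048576 "Wget/1.19.4 (mingw32)"
2020-11-30T09:14:05Z ws-12 10.0.4.15 POST https://api.dropboxapi.com/2/files/list_folder 512 "Wget/1.19.4 (mingw32)"
2020-11-30T09:15:11Z ws-07 10.0.4.22 POST https://content.dropboxapi.com/2/files/upload 20480 "ExampleSanctionedDropboxClient/110.4"
2020-11-30T09:16:40Z ws-12 10.0.4.15 GET https://www.example.org/index.html 3021 "Mozilla/5.0"
2020-11-30T09:17:03Z ws-19 10.0.4.31 POST https://api.dropboxapi.com/2/files/download 204800 "python-requests/2.24"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')
# Public Dropbox API endpoints; any client reaching them is worth classifying.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Assumed allow-listed user-agent prefix of the organisation's sanctioned client.
SANCTIONED_UA_PREFIX = "ExampleSanctionedDropboxClient/"
# Command-line and scripting clients that have no business driving the API here.
TOOLING_UA_PREFIXES = ("wget", "curl", "python-requests", "powershell")

@dataclass
class Finding:
    hostname: str
    src_ip: str
    url: str
    user_agent: str
    reason: str

def host_of(url: str) -> str:
    """Return the lower-cased host part of an http(s) URL."""
    return url.split("//", 1)[-1].split("/", 1)[0].lower()

def find_suspicious_dropbox_use(log_text: str) -> list[Finding]:
    """Flag Dropbox API traffic not produced by the sanctioned client."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        _ts, hostname, src_ip, _method, url, _nbytes, ua = m.groups()
        if host_of(url) not in DROPBOX_API_HOSTS or ua.startswith(SANCTIONED_UA_PREFIX):
            continue
        if ua.lower().startswith(TOOLING_UA_PREFIXES):
            reason = "command-line tool driving the Dropbox API"
        else:
            reason = "unsanctioned client driving the Dropbox API"
        findings.append(Finding(hostname, src_ip, url, ua, reason))
    return findings
```

Running the sweep over the sample flags the two Wget requests from ws-12 and the python-requests download from ws-19, and leaves the sanctioned-client upload and the ordinary web request alone.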

“The complexity of the attacks and the technical details of our discovery further reinforce the notion that Turla has significant resources to handle such a large and varied arsenal,” said ESET researcher Matthieu Faou.
