30 May 19, 17:13
Quote:A cyberespionage group believed to be from Russia is once again striking political targets, and this time, PowerShell scripts have been weaponized to increase the power of their attacks.
Turla, also known as Snake or Uroburos, has been active since at least 2008. The advanced persistent threat (APT) group was previously linked to a backdoor implanted in Germany's Federal Foreign Office for the purposes of data exfiltration in 2017, alongside attacks against the US military, a defense contractor, and a variety of European government entities.
The Russian hacking group is rarely quiet for long, and now, the APT has returned with a fresh wave of attacks against diplomatic entities in Eastern Europe.
According to researchers from ESET, Turla has recently employed PowerShell scripts. The scripts allow "direct, in-memory loading and execution of malware executables and libraries," the team says, which can also help them circumvent discovery on victim machines when a malicious executable is dropped on to a disk.
SOURCE: https://www.zdnet.com/article/turla-turn...diplomats/