Quote:The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported.
On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group (aka Snake, Venomous Bear, Uroburos and WhiteBear) – a Russian-speaking APT. Those attacks are “likely” using a stealthy, “second-chance” backdoor to maintain access to infected devices, they noted.
“Second-chance,” as in, it’s sticky: Even if an infected machine supposedly gets wiped clean of the primary malware, the attackers can maintain access to the system.
The novel backdoor, dubbed TinyTurla, can be used to drop payloads and to upload and/or execute files, according to the writeup. It could also be used as a second-stage dropper to infect the system with additional malware.
“The backdoor code is quite simple but is efficient enough that it will usually fly under the radar,” according to the report.
Read more: Turla APT Plants Novel Backdoor In Wake of Afghan Unrest | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
