IT specialists of the Slovak company ESET warn of a new series of attacks committed by the Turla cyber-spy group, which are aimed at websites of government agencies in the world.
“ESET, a leader in information security, has discovered a new activity of the Turla group, which is aimed at government websites. This time, cybercriminals are using social engineering techniques, using a fake Adobe Flash update as a decoy to download malicious software,” said the website.
According to the report, as a result of such attacks, at least four websites, two of which belong to the government of Armenia, were infected. At the same time, these web portals have been infected at least since the beginning of 2019. ESET specialists warned the national unit of CERT of Armenia. Thus, the researchers concluded that the main target of cybercriminals is officials and politicians.
During the recorded cyberattacks, hackers infect the selected site with malicious software, which is subsequently transmitted to the devices of users of the resource. After the initial infection, Turla operators get full access to the victims’ devices.
ESET specialists were not able to determine what the hackers did on infected devices, but they usually try to steal confidential documents.
According to ESET, during the latest attacks, the cybercriminals of the Turla group used a completely new backdoor called PyFlash. According to ESET experts, the authors of Turla used Python for the first time in this malicious software. The command server sends commands to the backdoor to download files, execute Windows commands, and launch and remove malicious software.
The company added that the group of cybercriminals Turla is active in most of the world, but mainly its activities are aimed at countries in Eastern Europe and East Asia. Its main goals are government and military organizations. A group of cyber spies has been working for more than ten years.