Russian hackers exploit TinyTurla-NG to infiltrate European NGO systems


In a recent development, Russia-linked hackers, identified as Turla, have been implicated in breaching the systems of an undisclosed European non-governmental organization (NGO). The attack, facilitated through the deployment of a sophisticated backdoor known as TinyTurla-NG, has raised concerns about cybersecurity vulnerabilities in the region.

According to a report released today by Cisco Talos, after the initial compromise the attackers established persistence and modified antivirus configurations to evade detection. They then used TinyTurla-NG to open additional communication channels, including Chisel for data exfiltration and lateral movement within the network.

Evidence suggests that the breach may have commenced as early as October 2023, with the deployment of Chisel occurring in December of the same year. Data exfiltration activities were observed around January 12, 2024, underscoring the prolonged and covert nature of the cyber intrusion.

TinyTurla-NG, a malicious tool recently identified by cybersecurity experts, has been associated with previous attacks targeting a Polish NGO dedicated to promoting democratic values and supporting Ukraine amidst geopolitical tensions. The campaign, characterized by its selective targeting of specific organizations primarily situated in Poland, highlights the strategic objectives of the threat actors involved.

The attackers use their initial access to configure antivirus exclusions, evading detection, and then deploy TinyTurla-NG by creating a deceptive “sdm” service. The backdoor lets them conduct reconnaissance, exfiltrate sensitive data to a command-and-control (C2) server, and deploy customized versions of tunneling software such as Chisel.
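The sequence described above (an antivirus exclusion followed by creation of an "sdm" service) can be hunted for by correlating two Windows event types per host. The following is an added example, not code from Cisco Talos or the original article; the record layout, field names, host names and sample events are constructed for illustration, and a name match alone is only a triage lead.

```python
from datetime import datetime, timedelta

SUSPECT_SERVICES = {"sdm"}  # service name reported in the article

# Constructed sample records (not real telemetry); field names are assumed.
# 5007 = Microsoft Defender configuration changed, 7045 = new service installed.
SAMPLE_EVENTS = [
    {"host": "ws-01", "time": "2024-01-01T09:14:02", "event_id": 5007,
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\example = 0x0"},
    {"host": "ws-01", "time": "2024-01-01T09:16:40", "event_id": 7045,
     "service_name": "sdm"},
    {"host": "ws-02", "time": "2024-01-01T10:00:00", "event_id": 7045,
     "service_name": "PrintHelper"},
    {"host": "ws-03", "time": "2024-01-02T08:00:00", "event_id": 7045,
     "service_name": "SDM"},
    {"host": "ws-04", "time": "2024-01-02T11:30:00", "event_id": 5007,
     "new_value": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\D:\build = 0x0"},
]

def is_exclusion_change(ev):
    """Defender config change that touches an Exclusions registry key."""
    return ev["event_id"] == 5007 and "\\exclusions\\" in ev.get("new_value", "").lower()

def is_suspect_service(ev):
    """Service install whose name matches the reported one, case-insensitively."""
    name = ev.get("service_name", "").strip().lower()
    return ev["event_id"] == 7045 and name in SUSPECT_SERVICES

def correlate(events, window=timedelta(hours=24)):
    """Return (host, time, severity) for each suspect service install.

    Severity is 'high' when the same host changed a Defender exclusion
    within `window` before the install, otherwise 'medium'.
    """
    last_exclusion = {}
    findings = []
    # ISO-8601 timestamps in one format sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if is_exclusion_change(ev):
            last_exclusion[ev["host"]] = ts
        elif is_suspect_service(ev):
            prior = last_exclusion.get(ev["host"])
            correlated = prior is not None and ts - prior <= window
            findings.append((ev["host"], ev["time"], "high" if correlated else "medium"))
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```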

As investigations into the incident continue, cybersecurity experts emphasize the need for enhanced vigilance and proactive measures to mitigate the risks posed by such sophisticated cyber threats. The ongoing exploitation of advanced techniques by threat actors underscores the evolving nature of cybersecurity challenges faced by organizations worldwide.

Talos researchers have warned that the attackers are likely to replicate their tactics, creating persistent threats across multiple systems within the targeted network. As organizations strive to safeguard their digital assets and sensitive information, collaborative efforts between cybersecurity experts, government agencies, and private entities remain essential in combating cyber threats effectively.
