Kaspersky Lab’s expert researchers have discovered that the Russian-speaking Turla threat device has renewed its arsenal and provided it with new subversive methods.
Turla has encapsulated its famous malware (KopiLuwak) with a new delivery tool called Topinambour, and has created two similar versions in other languages.
The group also distributed its malware through software download tools designed to bypass online content blocking.
Researchers believe that these methods are designed to make it more difficult to detect threats and facilitate the targeting of victims.
Topinambour was seen in an operation targeting government agencies earlier this year.
Turla is a well-known threat to digital espionage targets directed against government and diplomatic targets, and has acquired a reputation for its innovations and famous malware (Jerusalem Drum), first seen in 2016.
This year, Kaspersky Lab researchers were able to discover new tools and methods introduced by Turla, which aim to facilitate concealment and reduce the probability of detecting an attack.
Turla uses Topinambour software to distribute and deliver kopiLuwak through official software downloads, such as VPN software used to bypass Internet censorship.
KopiLuwak is specifically designed to perform digital espionage, and Turla’s most recent operation has involved methods that have helped malware to hide and avoid detection.
The command and control system contains IP addresses that mimic normal LAN addresses, making it easier to hide.
The researchers believe that these types of malware are used if the target computer has the ability to detect kopiLuwak using an appropriate security solution.
This software can do the following once it is activated:
Determine the nature of the objective of understanding the quality of the infected computer.
Collect information on system and network adapters.
Download more malware and activate it.
Take pictures of the screen.
Kurt Baumgartner, senior security researcher at Kaspersky Lab, said the turla emerged in 2019 with a new version of subversive tools, offering a number of new methods to reduce the ability of security solutions and researchers to detect them.
« These technologies reduce the digital footprint of malware, » he said, noting that the use of VPN software download tools shows that attackers have clear and precise targets to spy through these tools.
Kurt Baumgartner said the continued development of turla is a powerful reminder of the importance of security solutions that protect systems against the latest technologies and methods used by those behind the advanced threats under way.
Kaspersky Lab suggests the following measures to reduce the likelihood of becoming a victim of sophisticated digital espionage:
Educate employees about security by explaining how to record applications or files that may contain malware and stay away from them.
Apply detection and response solutions, such as Kaspersky Endpoint Detection and Response, to detect threats.
Develop an institutional security solution to detect advanced threats across the entire network at an early stage, such as the kaspersky Anti-Targeted Attack platform.
Provide the Security Operations Centre team with the latest information on new threats to keep you informed of the latest developments in tools and methods.