Turla Crutch: Keeping the “back door” open

ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox



ESET researchers found a previously undocumented backdoor and document stealer. Its developers dubbed it Crutch, and we were able to attribute it to the infamous Turla APT group. According to our research, it was used from 2015 to at least early 2020. We have seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets, as is common for many Turla tools.


Turla is a cyberespionage group that has been active for more than ten years. It has compromised many governments, especially diplomatic entities, all around the world, operating a large malware arsenal that we have described in recent years.


Attribution to Turla


During our research, we were able to identify strong links between a Crutch dropper from 2016 and Gazer. The latter, also known as WhiteBear, was a second-stage backdoor used by Turla in 2016-2017. Our analysis is based on the Crutch dropper with SHA-1 A010D5449D29A1916827FDB443E3C84C405CB2A5 and the Gazer dropper ..
