Socprime
Image Credit: Socprime

Secret Blizzard Attack Detection: The Russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version

  • The Secret Blizzard (also known as Turla) hacking group has been observed deploying custom malware in its latest attacks on Ukrainian targets.
  • The group is thought to have used the Amadey bot malware to deploy its own samples of malware on systems connected to the Ukrainian military.
  • The Microsoft threat intelligence team has stated that Secret Blizzard launched a similar campaign in 2022, whilst its most recent attack occurred in the spring of 2024.
  • Microsoft found that Secret Blizzard's malware also deployed a custom reconnaissance tool against Ukrainian military devices connected through Starlink IP addresses.
  • The investigation suggests that Secret Blizzard used a PowerShell dropper to deploy the Tavdig backdoor together with a vulnerable Symantec binary used for DLL sideloading.
  • The Tavdig malware gathered user data, network statistics and patch information; it also installed registry keys to give the KazuarV2 backdoor persistence.
  • The Secret Blizzard hacking group, also tracked as Turla, Venomous Bear and Krypton, primarily focuses on government, diplomatic and military organizations.
  • Since February 2022, Turla has been heavily involved in cyberespionage campaigns aimed at Ukraine.
  • Security teams can use the SOC Prime Platform to fight back against the group's evolving tactics.
  • The platform offers the world's largest collection of CTI-enriched detections, as well as automated threat hunting and AI-powered detection engineering services.
