- Apr 21, 2016
- 3,439
Russian espionage group Turla has been working on various tools for years, including several new versions of Carbon, a second stage backdoor malware.
The discovery was made by researchers from ESET who claim that this malware is still under active development. Since the group is well known for changing its tools once they are exposed, it's not that big of a surprise that they're pushing version after version, changing mutexes and file names between two major versions.
It seems that the Turla group usually works in multiple stages, first doing reconnaissance on their victim's systems before deploying their sophisticated tools, including Carbon.
Researchers claim that a "classic" Carbon compromise chain starts with a user receiving a spearphishing email or visiting a compromised website, typically one that the user visits regularly. One this attack is succes... (read more)
The discovery was made by researchers from ESET who claim that this malware is still under active development. Since the group is well known for changing its tools once they are exposed, it's not that big of a surprise that they're pushing version after version, changing mutexes and file names between two major versions.
It seems that the Turla group usually works in multiple stages, first doing reconnaissance on their victim's systems before deploying their sophisticated tools, including Carbon.
Researchers claim that a "classic" Carbon compromise chain starts with a user receiving a spearphishing email or visiting a compromised website, typically one that the user visits regularly. One this attack is succes... (read more)
Last edited by a moderator:
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
