The formidable Russian hacker group Turla is as active as ever. Accenture security researchers have detected its presence in the networks of a European government organization, but gave no further details. According to the Estonian secret service, Turla is an offshoot of the Russian intelligence service FSB.
To infiltrate the administration’s systems, the hackers relied on a combination of backdoors and Trojans allowing remote control. The former, dubbed “HyperStack”, relies on the RPC protocol to infect systems step by step.
The latter, called “Kazuar” and “Carbon”, are used to spy on systems and exfiltrate data. In some cases, the Trojans download the commands to be executed from the Pastebin site, where the hackers have placed them in encrypted form.