• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
turla's new deliverycheck backdoor breaches ukrainian defense sector

Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

You are here: Home / General Cyber Security News / Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector
July 20, 2023

The defense sector in Ukraine and Jap Europe has been focused by a novel .NET-based backdoor termed DeliveryCheck (aka CAPIBAR or GAMEDAY) which is able of offering future-phase payloads.

The Microsoft threat intelligence team, in collaboration with the Computer Crisis Response Workforce of Ukraine (CERT-UA), attributed the attacks to a Russian country-state actor regarded as Turla, which is also tracked under the names Iron Hunter, Mystery Blizzard (formerly Krypton), Uroburos, Venomous Bear, and Waterbug. It’s linked to Russia’s Federal Security Provider (FSB).

“DeliveryCheck is distributed by way of email as paperwork with malicious macros,” the organization stated in a collection of tweets. “It persists by means of a scheduled process that downloads and launches it in memory. It also contacts a C2 server to retrieve tasks, which can include things like the launch of arbitrary payloads embedded in XSLT stylesheets.”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Profitable first entry is also accompanied in some conditions by the distribution of a identified Turla implant dubbed Kazuar, which is outfitted to steal software configuration information, function logs, and a huge array of knowledge from web browsers.

The final intention of the attacks is to exfiltrate messages from the Sign messaging app for Windows, enabling the adversary to access sensitive discussions, paperwork, and photographs on targeted methods.

A noteworthy facet of DeliveryCheck is its capability to breach Microsoft Trade servers to install a server-side component working with PowerShell Ideal Condition Configuration (DSC), a PowerShell management system that will help directors to automate the configuration of Windows systems.

“DSC generates a Managed Item Format (MOF) file containing a PowerShell script that masses the embedded .NET payload into memory, correctly turning a legit server into a malware C2 heart,” Microsoft stated.

Future WEBINARShield Towards Insider Threats: Learn SaaS Security Posture Management

Concerned about insider threats? We have received you lined! Be part of this webinar to examine useful strategies and the insider secrets of proactive security with SaaS Security Posture Management.

Be part of Today

The disclosure arrives as the Cyber Law enforcement of Ukraine dismantled a enormous bot farm with additional than 100 persons allegedly spreading hostile propaganda justifying the Russian invasion, leaking own facts belonging to Ukrainian citizens, and participating in different fraud techniques.

As part of the procedure, searches have been carried out in 21 areas, leading to the seizure of personal computer equipment, cell telephones, additional than 250 GSM gateways, and about 150,000 SIM playing cards belonging to distinctive cell operators.

Uncovered this post appealing? Adhere to us on Twitter  and LinkedIn to go through additional distinctive information we post.


Some elements of this write-up are sourced from:
thehackernews.com

Previous Post: «new p2pinfect worm targeting redis servers on linux and windows New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Next Post: A Few More Reasons Why RDP is Insecure (Surprise!) a few more reasons why rdp is insecure (surprise!)»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
  • Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
  • CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
  • Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
  • WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
  • New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
  • AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
  • Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
  • Non-Human Identities: How to Address the Expanding Security Risk
  • ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Copyright © TheCyberSecurity.News, All Rights Reserved.