European MFA Targeted by Russian Hackers Using New Backdoors for Espionage

Dark Watch
European MFA Targeted by Russian Hackers Using New Backdoors for Espionage

Published:

Written by: Staff Editor
spot_img

New Backdoors Discovered in European Ministry of Foreign Affairs Linked to Russian Cyberespionage Group

In a recent cybersecurity revelation, researchers have uncovered two new backdoors embedded within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. Slovakian cybersecurity firm ESET identified these backdoors, named “LunarWeb” and “LunarMail,” and attributed them to the Turla cyberespionage group, believed to have ties to Russian interests.

Turla, operating since at least 2004 and possibly earlier, is known for targeting high-profile entities such as governments and diplomatic organizations in Europe, Central Asia, and the Middle East. The group has previously breached significant organizations like the US Department of Defense and the Swiss defense company RUAG.

The LunarWeb backdoor infiltrates servers covertly, using HTTP(S) communication while mirroring legitimate traffic patterns to avoid detection. It employs steganography to embed commands within innocuous images, evading detection mechanisms effectively.

On the other hand, LunarMail embeds itself within Outlook workstations, blending in with email communications to spy on victims. It collects information and communicates with a command and control server through the Outlook Messaging API to receive instructions. LunarMail can write files, create processes, take screenshots, and more, all while concealing commands within email attachments using steganography.

The initial access vectors of the Turla hackers are suspected to involve vulnerabilities or spearphishing campaigns. The compromised entities were primarily associated with a European MFA, indicating a strategic intrusion. The researchers noted varying degrees of sophistication in the compromises, suggesting multiple individuals were involved in developing and operating these tools.

Overall, the discovery of these backdoors highlights the ongoing threat posed by state-sponsored cyber actors, with Russian-aligned groups like Turla being a significant concern for cybersecurity experts.

spot_img

Related articles

Recent articles

Walmart Shoppers Beware: Major Scam Hits Millions

Fact Check
A large-scale robocall scam is targeting millions of Walmart shoppers in the U.S. by impersonating the retailer’s customer service and inventing fake high-value purchases...
Read more

GCCA Celebrates Supreme Council’s Decision to Create GCC Civil Aviation Authority

Regional
GCC Civil Aviation Authority: A New Era for Gulf Air Travel A Significant Development for the Gulf Region The General Civil Aviation Authority (GCAA) of the...
Read more

Researchers Find Over 30 Vulnerabilities in AI Coding Tools That Risk Data Theft and RCE Attacks

Global
Unveiling the IDEsaster: Security Flaws in AI-Powered Coding Environments Overview of Recent Vulnerabilities A recent investigation has uncovered over 30 security vulnerabilities lurking within popular AI-powered...
Read more

XIXILI Transforms Plus-Size Lingerie in Malaysia

Regional
## A New Era for Plus Size Lingerie: Introducing XIXILI’s Collection ### Redefining Lingerie Shopping KUALA LUMPUR, MALAYSIA - In a bold move that reshapes the...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com