European MFA Targeted by Russian Hackers Using New Backdoors for Espionage


New Backdoors Discovered in European Ministry of Foreign Affairs Linked to Russian Cyberespionage Group

In a recent cybersecurity revelation, researchers have uncovered two new backdoors embedded within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. The Slovak cybersecurity firm ESET identified these backdoors, named “LunarWeb” and “LunarMail,” and attributed them to the Turla cyberespionage group, which is believed to have ties to Russian interests.

Turla, operating since at least 2004 and possibly earlier, is known for targeting high-profile entities such as governments and diplomatic organizations in Europe, Central Asia, and the Middle East. The group has previously breached significant organizations like the US Department of Defense and the Swiss defense company RUAG.

The LunarWeb backdoor infiltrates servers covertly, communicating over HTTP(S) while mirroring legitimate traffic patterns so that its command-and-control exchanges do not stand out. It uses steganography to hide commands inside innocuous-looking images, so the instructions it receives pass as ordinary image content.

LunarMail, by contrast, embeds itself within Outlook workstations, blending in with email communications to spy on victims. It collects information and communicates with its command and control server through the Outlook Messaging API (MAPI), receiving instructions by email. LunarMail can write files, create processes, take screenshots, and more, with commands concealed inside email attachments using steganography.

The initial access vectors used by the Turla hackers are suspected to involve the exploitation of vulnerabilities or spearphishing campaigns. The compromised entities were primarily associated with a European MFA, indicating a strategic intrusion. The researchers noted varying degrees of sophistication across the compromises, suggesting that multiple individuals were involved in developing and operating these tools.

Overall, the discovery of these backdoors highlights the ongoing threat posed by state-sponsored cyber actors, with Russian-aligned groups like Turla being a significant concern for cybersecurity experts.
