European MFA Targeted by Russian Hackers Using New Backdoors for Espionage

Dark Watch
European MFA Targeted by Russian Hackers Using New Backdoors for Espionage

Published:

Written by: Staff Editor
spot_img

New Backdoors Discovered in European Ministry of Foreign Affairs Linked to Russian Cyberespionage Group

In a recent cybersecurity revelation, researchers have uncovered two new backdoors embedded within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. Slovakian cybersecurity firm ESET identified these backdoors, named “LunarWeb” and “LunarMail,” and attributed them to the Turla cyberespionage group, believed to have ties to Russian interests.

Turla, operating since at least 2004 and possibly earlier, is known for targeting high-profile entities such as governments and diplomatic organizations in Europe, Central Asia, and the Middle East. The group has previously breached significant organizations like the US Department of Defense and the Swiss defense company RUAG.

The LunarWeb backdoor infiltrates servers covertly, using HTTP(S) communication while mirroring legitimate traffic patterns to avoid detection. It employs steganography to embed commands within innocuous images, evading detection mechanisms effectively.

On the other hand, LunarMail embeds itself within Outlook workstations, blending in with email communications to spy on victims. It collects information and communicates with a command and control server through the Outlook Messaging API to receive instructions. LunarMail can write files, create processes, take screenshots, and more, all while concealing commands within email attachments using steganography.

The initial access vectors of the Turla hackers are suspected to involve vulnerabilities or spearphishing campaigns. The compromised entities were primarily associated with a European MFA, indicating a strategic intrusion. The researchers noted varying degrees of sophistication in the compromises, suggesting multiple individuals were involved in developing and operating these tools.

Overall, the discovery of these backdoors highlights the ongoing threat posed by state-sponsored cyber actors, with Russian-aligned groups like Turla being a significant concern for cybersecurity experts.

spot_img

Related articles

Recent articles

Verdant IMAP Wins Best Private Equity Advisory at 2025 Africa Service Providers Awards

Regional
Verdant IMAP Wins Top Honor at Africa Global Funds Awards 2025 Verdant IMAP has been recognized at the Africa Global Funds (AGF) Africa Service Providers...
Read more

CISA Warns of VMware Zero-Day Exploit Used by China-Linked Hackers in Ongoing Attacks

Global
Cybersecurity Alert: Critical Vulnerability in VMware Affects Many Systems Overview of the Vulnerability On October 31, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged...
Read more

Defense Contractor Manager Admits Guilt in Selling Cyber Exploits to Russian Broker

Resources
Understanding Insider Threats in Cybersecurity: The Case of Peter Williams Insider threats in cybersecurity pose a significant risk to national security and corporate integrity. The...
Read more

Nvidia: A Tech Titan Surpassing India’s Economy in the AI Era

Fact Check
Nvidia’s Historic $5 Trillion Valuation: A New Era in Global Economics New Delhi | Business Desk In a monumental moment that reshapes the landscape of global...
Read more
Sign up to the Newsletter and never miss out on the latest news!
Join the Cyber Warriors community and get Insider Tips & Tricks to defend your digital assets.

© Cyberwarriorsmiddleeast.com