New Backdoors Discovered in European Ministry of Foreign Affairs Linked to Russian Cyberespionage Group

In a recent cybersecurity revelation, researchers have uncovered two new backdoors embedded within the infrastructure of a European Ministry of Foreign Affairs (MFA) and its diplomatic missions. Slovakian cybersecurity firm ESET identified these backdoors, named “LunarWeb” and “LunarMail,” and attributed them to the Turla cyberespionage group, believed to have ties to Russian interests.

Turla, operating since at least 2004 and possibly earlier, is known for targeting high-profile entities such as governments and diplomatic organizations in Europe, Central Asia, and the Middle East. The group has previously breached significant organizations like the US Department of Defense and the Swiss defense company RUAG.

The LunarWeb backdoor infiltrates servers covertly, using HTTP(S) communication while mirroring legitimate traffic patterns to avoid detection. It employs steganography to embed commands within innocuous images, evading detection mechanisms effectively.

On the other hand, LunarMail embeds itself within Outlook workstations, blending in with email communications to spy on victims. It collects information and communicates with a command and control server through the Outlook Messaging API to receive instructions. LunarMail can write files, create processes, take screenshots, and more, all while concealing commands within email attachments using steganography.

The initial access vectors of the Turla hackers are suspected to involve vulnerabilities or spearphishing campaigns. The compromised entities were primarily associated with a European MFA, indicating a strategic intrusion. The researchers noted varying degrees of sophistication in the compromises, suggesting multiple individuals were involved in developing and operating these tools.

Overall, the discovery of these backdoors highlights the ongoing threat posed by state-sponsored cyber actors, with Russian-aligned groups like Turla being a significant concern for cybersecurity experts.

European MFA Targeted by Russian Hackers Using New Backdoors for Espionage

New Backdoors Discovered in European Ministry of Foreign Affairs Linked to Russian Cyberespionage Group

Related articles

New Cybersecurity Legislation Introduced in Hong Kong

U.S. Agencies Issue Warning on National Security Risks Posed by Venture Capital

Threatening ICS: FrostyGoop Malware Linked to Russia poses a Risk

Recent articles

CrowdStrike Shares Initial Findings of Post Incident Review on Worldwide Microsoft Outage – Intelligent CISO

Snowflake and Meta Collaborate to Bring Advanced AI Technology to Security Review Magazine

The largest hacker alliance to date is set on targeting NATO

Security Flaw ‘PKFail’ Puts Millions of Devices at Risk of Secure Boot Bypass

Latest Updates

CrowdStrike Shares Initial Findings of Post Incident Review on Worldwide Microsoft Outage – Intelligent CISO

Snowflake and Meta Collaborate to Bring Advanced AI Technology to Security Review Magazine

The largest hacker alliance to date is set on targeting NATO

Security Flaw ‘PKFail’ Puts Millions of Devices at Risk of Secure Boot Bypass