Turla APT used ANDROMEDA malware to infiltrate a variety of industries


Threat Level
Attack Report


Summary

The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware is spread through infected USB drives. KOPILUWAK is a JavaScript-based reconnaissance utility that has been distributed to victims as a first-stage malicious email attachment. Following the initial execution and reconnaissance carried out using KOPILUWAK, a lightweight .NET backdoor called QUIETCANARY