Turla APT used ANDROMEDA malware to infiltrate a variety of industries
Attack Report
Summary
The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware is spread through infected USB drives. KOPILUWAK is a JavaScript-based reconnaissance utility that has been distributed to victims as a first-stage malicious email attachment. Following the initial execution and reconnaissance carried out using KOPILUWAK, a lightweight .NET backdoor called QUIETCANARY