September 21, 2021 By Lisa Vaas
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported.
On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group (aka Snake, Venomous Bear, Uroburos and WhiteBear) – a Russian-speaking APT. Those attacks are “likely” using a stealthy, “second-chance” backdoor to maintain access to infected devices, they noted.