A threat campaign luring users with malicious documents related to human rights and public notices is aimed at giving the Russia-backed threat group access to victims' systems for cyber-espionage purposes.
May 21, 2024 By Elizabeth Montalbano
A Russia-linked advanced persistent threat (APT) group has been abusing PDF and MSBuild project files in a campaign that uses socially engineered emails to deliver the TinyTurla backdoor as a fileless payload. The campaign's seamless delivery routine is a notable evolution in sophistication, researchers said.
Researchers from Cyble Research and Intelligence Labs (CRIL) identified the campaign, which uses emails with documents pitching invitations to human rights seminars or providing public advisories as a lure to infect users with TinyTurla. In a blog post published yesterday on the campaign, they said the attackers also impersonate legitimate authorities in an effort to lure victims in.
"When targeted individuals mistakenly believe this to be a legitimate invitation or advisory and open it, they could inadvertently install a tiny backdoor into their system," according to the post. Attackers can then use the backdoor to execute commands from a command-and-control (C2) server that they control and to infiltrate the victim's system.