Experts Uncover ‘Crutch’ Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020.

Codenamed “Crutch” by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive attacks against governments, embassies, and military organizations through various watering hole and spear-phishing campaigns.

“These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators,” the cybersecurity firm said in an analysis shared with The Hacker News.

The backdoor implants were secretly installed on several machines belonging to the Ministry of Foreign Affairs in an unnamed country of the European Union.

Besides identifying strong links between a Crutch sample from 2016 and another Turla second-stage backdoor called Gazer, the latest malware in their…
