VERY IMPORTANT

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat actor. This backdoor, called TinyTurla-NG, is similar to Turla's previous implant TinyTurla in coding style and functionality. TinyTurla-NG was seen targeting a Polish non-governmental organization working on improving Polish democracy and supporting Ukraine. The backdoor deployed PowerShell scripts called TurlaPower-NG to exfiltrate key material used to secure password databases, indicating an effort to steal login credentials.