TinyTurla-NG: In-depth tooling and command and control analysis
released on 2024-02-23 @ 08:49:54 AM
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT group. The investigation revealed details of the command-and-control (C2) scripts, including their request handling and a web shell component. Three distinct PowerShell command sets were issued to the TinyTurla-NG backdoor to enumerate, stage, and exfiltrate files. Talos also uncovered a modified build of the Chisel tunneling tool, a privilege escalation tool, and credential-harvesting scripts, all deployed through TinyTurla-NG.