New details on TinyTurla’s post-compromise activity reveal full kill chain
released on 2024-03-21 @ 07:53:38 PM
Cisco Talos provides an update to its reports on a campaign in which Turla, a Russian espionage group, deployed its TinyTurla-NG implant. The analysis reveals that Turla infected systems in a European NGO's network: the attackers compromised the first system, established persistence, and added exclusions to AV products. Turla then opened channels via Chisel for exfiltration and pivoting. The update traces the full kill chain from compromise to exfiltration.