Threat Intelligence

Updated Kazuar backdoor deployed by Turla hacking group

Russian state-backed hacking group Turla, also tracked as Pensive Ursa, has been deploying an updated version of its Kazuar second-stage backdoor with improved stealth and detection-evasion capabilities, The Hacker News reports. Beyond adding sophisticated anti-analysis techniques and more robust obfuscation, the new variant supports 19 more features than when Kazuar first emerged in 2017, among them extensive system profiling, credential exfiltration, file manipulation, data gathering, and arbitrary command execution, according to a report from Palo Alto Networks' Unit 42. "In addition to direct HTTP communication with the C2, Kazuar has the ability to function as a proxy, to receive and send commands to other Kazuar agents in the infected network," the researchers said, adding that the named pipes the malware uses for proxy communications enable peer-to-peer communication between malware instances, so that commands can be relayed from one infected host to another rather than each agent contacting the C2 directly. The findings follow a Kaspersky report detailing custom backdoor attacks against Russian state and industrial entities since June.
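The proxy behaviour described above, where agents relay commands to one another over named pipes, is something a defender can hunt for on Windows endpoints. The following Python script is an added example written for this page, not code from Unit 42, Kaspersky or the malware itself. It runs over a handful of constructed Sysmon-style pipe events (Event ID 17 PipeCreated and Event ID 18 PipeConnected, flattened to dictionaries) and flags pipe names handled by binaries living in user-writable paths on more than one host, which is the shape a peer-to-peer relay between implants leaves behind. All hosts, pipe names, image paths and the path allowlist are hypothetical; none of them is a Kazuar indicator.

```python
"""Hunt for named-pipe relays between untrusted binaries across hosts.

Added example for this article; not Unit 42's, Kaspersky's or Turla's code.
Input records mimic Sysmon Event ID 17 (PipeCreated) and 18 (PipeConnected)
after they have been collected centrally. Every value below is constructed.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample events. Hosts, pipe names and image paths are hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws01", "event_id": 17, "pipe": "\\lsass",
     "image": "C:\\Windows\\System32\\lsass.exe"},
    {"host": "ws01", "event_id": 17, "pipe": "\\mojo.1234.5678",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
    {"host": "ws01", "event_id": 17, "pipe": "\\relay_7f3a",
     "image": "C:\\Users\\alice\\AppData\\Roaming\\Sync\\updater.exe"},
    {"host": "ws02", "event_id": 18, "pipe": "\\relay_7f3a",
     "image": "C:\\Users\\bob\\AppData\\Roaming\\Sync\\updater.exe"},
    {"host": "ws03", "event_id": 17, "pipe": "\\relay_7f3a",
     "image": "C:\\Users\\carol\\AppData\\Local\\Temp\\svchost.exe"},
    {"host": "ws02", "event_id": 17, "pipe": "\\PSHost.1700000000.1234",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"host": "ws04", "event_id": 17, "pipe": "\\build_1",
     "image": "C:\\Users\\dave\\AppData\\Local\\Programs\\ide\\ide.exe"},
]

# Hypothetical allowlist: binaries under these roots are installer-placed.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                    "c:\\program files (x86)\\")
# Path fragments a standard user (or a dropper running as one) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def is_untrusted_image(image: str) -> bool:
    """True if the pipe server/client binary sits in a user-writable location
    or outside the trusted install roots. The writable check runs first so
    C:\\Windows\\Temp\\ does not slip through on the C:\\Windows\\ prefix."""
    path = image.lower()
    if any(marker in path for marker in USER_WRITABLE):
        return True
    return not path.startswith(TRUSTED_PREFIXES)


def untrusted_pipe_events(events: Iterable[dict]) -> List[dict]:
    """Finding 1: every pipe create/connect performed by an untrusted image."""
    return [e for e in events if is_untrusted_image(e["image"])]


def shared_untrusted_pipes(events: Iterable[dict], min_hosts: int = 2
                           ) -> Dict[str, List[Tuple[str, str]]]:
    """Finding 2: pipe names handled by untrusted images on >= min_hosts hosts.

    A backdoor that relays tasking between its own agents over named pipes
    leaves the same pipe name on several machines, each time tied to a binary
    that no installer put there. Legitimate per-user pipes from one developer
    tool on one box (ws04 above) do not reach the host threshold.
    """
    by_pipe: Dict[str, set] = defaultdict(set)
    for e in untrusted_pipe_events(events):
        by_pipe[e["pipe"].lower()].add((e["host"], e["image"]))
    return {
        pipe: sorted(members)
        for pipe, members in by_pipe.items()
        if len({host for host, _ in members}) >= min_hosts
    }


if __name__ == "__main__":
    for pipe, members in shared_untrusted_pipes(SAMPLE_EVENTS).items():
        print(f"pipe {pipe} relayed by untrusted binaries on "
              f"{len({h for h, _ in members})} hosts:")
        for host, image in members:
            print(f"  {host}: {image}")
```

Sysmon only emits Event IDs 17 and 18 when its configuration includes a PipeEvent rule group, so check that first; the allowlist also needs tuning per estate (software that legitimately installs under AppData will otherwise generate noise), and the host threshold is what separates a relay from a single oddly placed tool.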
