Powerful, highly stealthy Linux trojan may have infected victims for years (Penquin Turla)

  • 8 December 2014
  • 6 replies
  • 3 views

Userlevel 7
Badge +54
This is another one that went undiscovered for years and can't be detected using the common netstat command.
 

Backdoor tied to espionage campaign that has targeted governments in 45 countries.

by Dan Goodin - Dec 8 2014
 
Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to "Turla," a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.
Now researchers from Moscow-based Kaspersky Lab have detected Linux-based malware used in the same campaign. Turla was already ranked as one of the top-tier APTs, in the same league as the recently disclosed Regin for instance. The discovery of the Linux component suggests it is bigger than previously thought and may presage the discovery of still more infected systems.
 
Full Article
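The opening post's point that netstat cannot see this backdoor deserves a concrete check. Kaspersky's analysis of Penquin Turla (linked from the article above, not quoted on this page) attributes the netstat blindness to the backdoor listening on a raw AF_PACKET socket with a BPF filter for a trigger packet instead of bind()ing a TCP/UDP port: net-tools netstat enumerates INET, UNIX and raw-IP sockets, but not packet sockets. The kernel still lists every packet socket in /proc/net/packet, and the socket inode there can be tied back to a pid through /proc/<pid>/fd. The script below is an added example, not code from the thread, Kaspersky or any vendor; the sample /proc/net/packet text and the pid 4242 used in its test are constructed, and the "sniffer-like" heuristic (SOCK_RAW with ETH_P_ALL) is a triage rule that also matches legitimate tools such as tcpdump.

```python
#!/usr/bin/env python3
"""List AF_PACKET (link-layer) sockets and the processes that hold them.

Added example, not part of the forum thread or of Kaspersky's write-up.
A backdoor that sniffs for a trigger packet on a packet socket never shows
up as a listener in `netstat -l`, but it cannot hide from /proc/net/packet.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample in the layout of /proc/net/packet (net/packet/af_packet.c):
#   sk  RefCnt  Type  Proto(hex)  Iface(ifindex)  R(running)  Rmem  User(uid)  Inode
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto Iface R Rmem   User   Inode
0000000000000000 3      3    0003  0     1 0      0      48213
0000000000000000 3      2    0800  2     1 0      0      48377
"""

ETH_P_ALL = 0x0003                       # "every ethertype"
SOCK_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}


@dataclass
class PacketSocket:
    inode: int
    sock_type: int   # 3 = SOCK_RAW (full frames), 2 = SOCK_DGRAM (cooked)
    proto: int       # ethertype the socket receives; ETH_P_ALL = everything
    ifindex: int     # 0 = not bound to a single interface
    running: bool
    uid: int


def parse_proc_net_packet(text: str) -> List[PacketSocket]:
    """Parse the text of /proc/net/packet into PacketSocket records."""
    socks = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 9:
            continue
        socks.append(PacketSocket(inode=int(f[8]), sock_type=int(f[2]),
                                  proto=int(f[3], 16), ifindex=int(f[4]),
                                  running=(f[5] == "1"), uid=int(f[7])))
    return socks


def is_sniffer_like(s: PacketSocket) -> bool:
    """Raw socket receiving every ethertype: the capture-everything pattern."""
    return s.sock_type == 3 and s.proto == ETH_P_ALL


_SOCK_RE = re.compile(r"socket:\[(\d+)\]")


def socket_inode_owners(proc_root: str = "/proc") -> Dict[int, List[int]]:
    """Map socket inode -> pids referencing it. Needs root to read other users' fd tables."""
    owners: Dict[int, List[int]] = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                          # exited, or not readable
            continue
        for fd in fds:
            try:
                m = _SOCK_RE.match(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:
                continue
            if m:
                owners.setdefault(int(m.group(1)), []).append(int(pid))
    return owners


def comm_of(pid: int) -> str:
    try:
        with open(f"/proc/{pid}/comm") as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def report(socks: List[PacketSocket], owners: Dict[int, List[int]],
           comm: Callable[[int], str] = comm_of) -> List[str]:
    """One line per packet socket; unowned inodes deserve a closer look (hidden or root-only)."""
    out = []
    for s in socks:
        pids = owners.get(s.inode, [])
        who = ", ".join(f"{p}({comm(p)})" for p in pids) or "unmapped"
        flag = "  <-- receives all frames" if is_sniffer_like(s) else ""
        out.append(f"inode={s.inode} {SOCK_TYPES.get(s.sock_type, s.sock_type)} "
                   f"proto=0x{s.proto:04x} ifindex={s.ifindex} running={int(s.running)} "
                   f"uid={s.uid} owner={who}{flag}")
    return out


if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        live = parse_proc_net_packet(fh.read())
    for line in report(live, socket_inode_owners()):
        print(line)
```

Run it as root so every /proc/<pid>/fd is readable; an inode that stays "unmapped" even then means no visible process owns the socket, which is exactly the rootkit-style discrepancy worth escalating. On hosts with iproute2, `ss -0 -p` shows the same socket family and is a quick cross-check.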


Userlevel 7
Badge +54
by Pierluigi Paganini on December 9th, 2014
 

Security experts at Kaspersky Lab have detected the first strain of Turla malware designed to infect Linux systems, the so-called Penquin Turla.

 
Security experts at Kaspersky have discovered a new variant of Turla malware which was designed to hit Linux systems, and for this reason it was called Penquin Turla.
The investigation started after a new strain of malware was apparently uploaded to a multi-scanner service. The malware was a previously unknown piece of a government malware, Turla, considered by the experts one of the most complex APTs in history.
Turla was detected for the first time by researchers at BAE, who believe that the malware was developed by Russian cyber specialists; probably all these instances are part of a cyber weapon program of the Government of Moscow.
 
 
http://securityaffairs.co/wordpress/wp-content/uploads/2014/12/Turla-Penquin.png
 
Full Article
Userlevel 7
Badge +54
@ has Webroot got this threat covered yet?
Userlevel 7
We don't have a Linux client, so we don't have coverage for this.
Userlevel 7
By Darren Pauli, 9 Dec 2014
 
A malware instance built on the shoulders of a trojan so powerful it led to the creation of the US Cyber Command has been updated with Linux-popping capabilities, Kaspersky researcher Kurt Baumgartner says.
The Turla advanced malware is thought to have employed its top-notch stealth capabilities to remain hidden on some systems for up to four years; however, those same traits meant much about its full capabilities and the extent of its victims was unknown.
 
A suspected nation-state actor, thought by G-Data to be Russia, has in the past deployed the Windows variant to infect government embassies and military agencies along with pharmaceutical, education and research companies across some 45 countries.
 
full article
Userlevel 7

Posted on 09.12.2014

Kaspersky Lab researchers have discovered a new piece of the puzzle called Turla (aka Snake, aka Uroburos): the malware used by attackers does not come only in the Windows flavour, but in the Linux one as well.

The APT attackers behind the Turla campaigns are thought to be Russian-speaking. They use zero-day exploits, social engineering and watering hole attacks to infect victims - government entities, embassies, military, research and education organizations and pharmaceutical companies - with rootkits/backdoors that allow them to take control of infected machines, execute commands on them, and steal files and deliver them to C&C servers under their control.

As far as we know, the attackers have operated this way for years. So far, researchers have managed to find and analyze the malware used for compromising 32-bit and 64-bit Microsoft Windows systems, but they believed that the attackers also wielded Linux malware.

full article
Userlevel 7
Badge +54
Thank you for the verification about it @ 
