TinyTurla - Secret backdoor on victim machines

Simple and efficient Security researchers at Cisco Talos say that TinyTurla is a "previously undiscovered" backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity. "This malware specifically caught our eye when it targeted Afghanistan prior to the Taliban's recent takeover of the government there and the pullout of Western-backed military forces" - Cisco Talos Forensic evidence indicates that Turla APT (advanced persistent threat) actors have been targeting the previous Afghan government with the newly discovered backdoor. However, Cisco Talos' telemetry data, which is how the researcher discovered the new malware, shows that TinyTurla has also been deployed on systems in the U.S. and Germany. Linking the TinyTurla backdoor to the Russian state hackers was possible because the threat actor used the same infrastructure seen in other attacks attributed to the Turla APT group. "One public reason why we attributed this backdoor to Turla is the fact that they used the same infrastructure as they used for other attacks that have been clearly attributed to their Penguin Turla infrastructure" - Cisco Talos In research published today, the researchers say that the hackers used the malware "as a second-chance backdoor to maintain access to the system" if the primary access tool got removed. Compared to a full-fledged backdoor, TinyTurla's functionality is limited to essential tasks that include downloading, uploading, and executing files