For HomeFor BusinessFor Partners
Anti-Malware Research Whitepapers
1 min read

Three New Pacifier APT Components Point to Russian-Linked Turla Group

Liviu ARSENE
Liviu ARSENE

September 01, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Three New Pacifier APT Components Point to Russian-Linked Turla Group

In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.

The Turla group is known for its variety of APT attack tactics ranging from spear phishing to watering hole campaigns aimed at selectively infecting victims. While the previous sample analyzed by Bitdefender researchers dropped a Trojan using an infected attachment, ESET researchers uncovered a watering hole campaign that instructed victims to install a JavaScript backdoor presented as a Firefox extension. While implemented differently, there were striking similarities to the way the Turla group implements functionalities.

Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.

Download the whitepaper

tags

Anti-Malware Research Whitepapers

Author

Liviu ARSENE

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.

View all posts

Right now Top posts

Active Subscription Scam Campaigns Flooding the Internet
Scam Research

Active Subscription Scam Campaigns Flooding the Internet

April 30, 2025

8 min read
Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware
Anti-Malware Research

Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware

June 08, 2023

5 min read
Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series
IoT Research Whitepapers

Vulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series

May 02, 2023

2 min read
EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
Anti-Malware Research

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Anti-Malware Research

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Anti-Malware Research

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam

Bookmarks

loader