Three New Pacifier APT Components Point to Russian-Linked Turla Group

In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.
The Turla group is known for its variety of APT attack tactics ranging from spear phishing to watering hole campaigns aimed at selectively infecting victims. While the previous sample analyzed by Bitdefender researchers dropped a Trojan using an infected attachment, ESET researchers uncovered a watering hole campaign that instructed victims to install a JavaScript backdoor presented as a Firefox extension. While implemented differently, there were striking similarities to the way the Turla group implements functionalities.
Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.
tags
Author
Right now
Top posts
Vulnerabilities Identified in Wyze Cam IoT Device
March 29, 2022
New FluBot and TeaBot Global Malware Campaigns Discovered
January 26, 2022
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately
December 10, 2021
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
November 08, 2021
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
September 16, 2021
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021