live casino online

A cyberespionage group known as Turla is targeting invitees, guests, and nation-state participants of the upcoming G20 task force summit in Hamburg, Germany with a backdoor named KopiLuwak (detected by live casino online as?TROJ_KOPILUWAK.A,?JS_KOPILUWAK.A, and JS_KOPILUWAK.B). The payload is capable of exfiltrating data, as well as downloading and triggering additional malware and executing arbitrary commands on the infected machine. Security researchers have since notified CERT-Bund, Germany¡¯s federal computer emergency response team.

[READ: What is spear-phishing, and how can you defend against it?]

Turla¡¯s latest campaign is noted for possibly using watering hole and spear-phishing emails that lure would-be victims with an email containing an invitation for a G20 Task Force summit on digital economy. The event is real, slated in October, and security experts note that the PDF, named Save the Date G20 Digital Economy Taskforce 23 24 October.pdf, attached in the spear-phishing emails appear to be a legitimate file but ultimately a decoy. It also drops a malicious JavaScript file that executes KopiLuwak in the infected system¡¯s memory when decrypted.

[RELATED: APT10/menuPass cyberespionage campaign Operation Cloud Hopper attacks managed service providers]

Turla, a Russian-speaking cyberespionage group, is known for using unique, stealthy tactics. They made in early June when their command and control (C&C) servers were found hiding in the comment section of Britney Spears¡¯ Instagram posts. The malware they delivered posed as a security extension/plug-in for Firefox and distributed via a compromised Swiss website. In , they were able to conceal their C&C servers by exploiting and abusing poorly secured satellite-based internet services. In , the cyberespionage group employed an open-source backdoor that targeted machines running the Linux operating system (OS).

[From TrendLabs Security Intelligence Blog: ]

The attack chain of Turla¡¯s latest campaign resembles one employed by other cyberespionage groups Pawn Storm and . Real events and legitimate documents were used as decoys to install backdoors on the machines of their targets of interest. This enables them to move laterally within the compromised network as well as steal confidential and mission-critical data.

These cyberespionage attacks highlight the need for organizations to be similarly proactive in order to prevent intrusion or mitigate their effects. IT/system administrators and information security professionals should adopt best practices against targeted attacks. Keeping the OS and its programs updated should be intuitive¡ªit helps prevent attackers from leveraging security flaws as doorways into the systems. Consider virtual patching in the absence of patches for certain vulnerabilities. Enforce the principle of least privilege. Secure your email gateways and, more importantly, implement defense in depth¡ªmultilayered security mechanisms¡ªto protect the security, integrity, and availability of your organization¡¯s important assets.