TinyTurla Next Generation - Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group a Russian cyber espionage threat actor. This backdoor called TinyTurla-NG is similar to Turlas previous implant TinyTurla in coding style and functionality. TinyTurla-NG was seen targeting a Polish non-governmental organization working on improving Polish democracy and supporting Ukraine. The backdoor deployed PowerShell scripts called TurlaPower-NG to exfiltrate key material used to secure password databases indicating an effort to steal login credentials.