Turla A Master of Deception
This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. The attack leverages compromised websites PowerShell scripts and MSBuild to deploy the payload which employs various evasion techniques like disabling security features memory patching and AMSI bypass. The malware establishes communication with its command and control servers and is capable of executing additional PowerShell scripts. The analysis also provides insights into the malwares capabilities including its anti-detection mechanisms and ability to report information back to its operators.