Russian-based APT group Turla, a.k.a. Waterbug, is believed to have carried out attacks using infrastructure belonging to another cyber-espionage group. According to a report by security firm Symantec, Turla used the infrastructure of OilRig, a.k.a. APT34, in one of its attack campaigns. Symantec also described three recent campaigns carried out by the group, all of which involved new tools.
Turla has been reported to mainly target governments, IT organizations and educational institutions across the world.
The big picture
Living-off-the-land technique used
Symantec suggests that the Russian-based group has moved towards using living-off-the-land attacks.
“Waterbug’s most recent campaigns have involved a swath of new tools including custom malware, modified versions of publicly available hacking tools, and legitimate administration tools. The group has also followed the current shift towards ‘living off the land’ making use of PowerShell scripts and PsExec, a Microsoft Sysinternals tool used for executing processes on other systems,” the report stated.