The PowerStallion tool is one of the numerous hacking tools in the arsenal of the infamous group Turla. Turla originates from Russia and has been known to be active for over a decade, with the first indications of its activity dating back to 2008. It is known as one of the most elite hacking groups in the world. It is speculated that the group may be linked to the Russian government, as most of its targets are political. Its latest high-profile victim was the German Foreign Office. It has also targeted the US and French military in the past.
The PowerStallion tool is a backdoor meant to infiltrate and grant access to the targeted machine. It is very likely that PowerStallion is only a Plan B option for Turla, because the main backdoors the group is known to use are Carbon and Gazer. It is speculated that PowerStallion would only be used if the two primary backdoors fail to execute properly. The Command and Control servers used by this threat are hosted on the public Microsoft OneDrive service. In an attack where PowerStallion was utilized, it became evident that Turla likes to do its homework before initiating any action. The email address that would connect to the Command and Control server used by the attackers was named after one of the individuals working in the targeted business, meaning that Turla had been collecting information about the company prior to the attack. It is likely that the main purpose of PowerStallion is to spread ComRAT 4 and to keep an eye on the anti-virus software used by its victims.
Institutions and businesses all around the globe often tend to overlook their cybersecurity, which can lead to devastating harm. It is very important to have a reputable anti-malware application in place, regardless of whether you are a company or a regular user.