By GoldSparrow in Trojans

The Turla hacking group is one of the most infamous actors in the world of cybercrime. Cybersecurity experts have classified it as an APT (Advanced Persistent Threat). This APT is believed to originate from Russia and is likely to be working with the Russian Government. This is widely believed because of the targets that the Turla hacking group goes after. Most of the victims of the Turla APT are linked to politics in one way or another. Often, the targets are political actors in ex-Soviet states, as well as Western government entities. This is why malware experts believe that the efforts of the Turla APT are directed at furthering the political interests of the Kremlin.

This hacking group is well known for its tendency to use old hacking tools alongside new ones. They tend to update their cyber-threats periodically by adding new features. The Turla APT has recently released a new piece of malware called Skipper. It appears that the Skipper malware is a backdoor Trojan, which is likely to be used as a first-stage payload in Turla APT’s campaigns. It is believed that the end goal of the Skipper backdoor is to collect information about the infiltrated machine. This threat then siphons the data to the attackers, who decide, based on the information gathered, whether the infected host is worth their time. If it is, the Skipper backdoor is likely to facilitate the infiltration of a second-stage payload, which would be the main actor in the attack. Often, this second-stage payload will be either the Gazer Trojan or the Carbon Trojan.

It is likely that the Skipper malware is propagated through spear-phishing email campaigns. The Turla APT has remained faithful to its brand, and the latest targets appear to be ex-Soviet countries and states located in South East Europe.

Persistent ill-minded actors like the Turla APT should concern all government entities. Often, such organizations tend to overlook their online security, and this is exactly what threats like the Turla hacking group are counting on.
