Beware of TinyTurla-NG: Russian Hackers Weaponize WordPress to Siphon Secrets

Beware of TinyTurla-NG, the latest malware from Russia’s Turla hackers, turning WordPress sites into sneaky command centers. It’s like Mission Impossible, but with more coding and less Tom Cruise.

Hot Take:

Look out! The Russian hacker squad known as Turla is playing hide and seek with NGOs, using WordPress sites as their digital jungle gym. They’re slinging new malware toys, TinyTurla-NG and TurlaPower-NG, to sneak into networks and snatch passwords like candy from a baby. Moral of the story? Update your website before it becomes a cybercriminal’s Airbnb!

Key Points:

  • Russian hacker group Turla is back at it again, using TinyTurla-NG and TurlaPower-NG malware to infiltrate organizations and pilfer sensitive data.
  • The cyber espionage aficionados have weaponized vulnerable WordPress sites for their command and control shenanigans and as storage units for malicious PowerShell scripts.
  • These digital puppeteers have been pulling strings since 2004 and are connected to Russia’s FSB, targeting a medley of sectors for their espionage escapades.
  • TinyTurla-NG, the cyber equivalent of a roach motel, acts as a backdoor to ensure Turla’s access even when other entryways are slammed shut.
  • Cisco Talos has shared some breadcrumbs in the form of indicators of compromise, so you can tell if you’ve been visited by these unwanted guests.

Need to know more?

Spying Made Simple with WordPress

Imagine a world where your neglected WordPress site becomes the hotspot for international spies. That's right, Turla's been busy turning these sites into command and control centers faster than you can say "update now!" By exploiting the antique WordPress versions still running on such sites, they've established a cozy base for their TinyTurla-NG backdoor operations, making sure they always have a way in to play with their target's digital toys.

NG in the NGO

Non-Governmental Organizations (NGOs), particularly those supporting Ukraine, found themselves in the crosshairs of Turla's latest cyber weaponry. The new malware toys, TinyTurla-NG and its sidekick TurlaPower-NG, are like digital pickpockets, swiping master passwords and sensitive data faster than a conjurer at a magic show. These NGOs in Poland are getting a crash course in cybersecurity, whether they signed up for it or not.

Commands, Controls, and Clandestine Operations

With a few keystrokes on their compromised WordPress consoles, Turla's operators can play god with the TinyTurla-NG backdoor. They're changing sleep timers, swapping shells, and redirecting to backup URLs like they're tweaking settings on their favorite video game. And when they decide it's game over? They just type 'killme' and poof! Evidence goes up in a puff of digital smoke, leaving just a lonely BAT file behind.

Malware's Fashion Show: The Turla Collection

Fashion in the malware world isn't about who wears it best but who hides it best. TinyTurla-NG is the sleek, slim-fit backdoor with features spread across various threads, ensuring Turla's presence remains as persistent as that one song you can't get out of your head. And let's not forget its companion, TurlaPower-NG, which is all about accessorizing—specifically with archives of your stolen passwords and data. But don't worry, they're not into MP4s; videos are so last season.

The Spy Who Came in from the Code

TinyTurla-NG may be the new kid on the block, but it shares some family traits with its older sibling, TinyTurla. Both serve as Turla's secret passageway into networks, ensuring that even when one door closes, a hidden trap door is always ready. And while they may not be identical twins, the similarities in their coding style and functionality hint at a family reunion of sorts in the malware underworld.

A Helping Hand from Cisco Talos

In a world where cyber good guys are hard to come by, Cisco Talos is the knight in shining armor. They've not only uncovered these nefarious schemes but also graciously left a trail of breadcrumbs in the form of indicators of compromise for the rest of us. So, if you're feeling a bit paranoid about unexpected guests in your network, take a peek at their .TXT and .JSON files. It's like setting up a security cam for your digital home.

Tags: Compromised WordPress Sites, Cyber Espionage, Data Exfiltration, Indicators of Compromise, Malicious PowerShell Scripts, Malware Analysis, Russian Hacker Group Turla