Turla APT used ANDROMEDA malware to infiltrate a variety of industries

Threat Level – Amber | Vulnerability Report

The Turla Group is reportedly distributing the KOPILUWAK reconnaissance software and the QUIETCANARY backdoor to victims of ANDROMEDA malware in Ukraine. ANDROMEDA malware is spread through infected USB drives. KOPILUWAK is a JavaScript-based reconnaissance utility that has been distributed to victims as a first-stage malicious email attachment. Following the initial execution and reconnaissance carried out using KOPILUWAK, a lightweight .NET backdoor called QUIETCANARY
