Threat Watch

Turla Group Targeting German Lawmakers, Military and Embassies

Russian Intelligence and Security Services have reported a new wave of the “Snake” attack campaign, which used emails about Brexit to compromise the emails of a number of German lawmakers, military officials, and German embassies around the world. Snake is malware created by the Turla group from Russia and used to create a backdoor on infected systems. The malware has been active since at least 2008 on Windows systems. In 2014 it was re-engineered to infect Linux systems, and in 2017 it made the jump to Mac. This latest campaign was detected on November 14th, but investigators have been unable to determine if any data was accessed. While the only confirmed victims have been in the government, the statement made by the BfV, Germany’s domestic intelligence agency, indicated that there may have been non-government organizations that fell victim to this latest campaign. One of the primary methods of infection for the Snake malware is through a malicious Flash Player installer. It is important to note that some reporting on this attack campaign has been misidentifying the attackers as “Snake Group.”

ANALYST NOTES

As noted above, Snake is the name of the malware that was used. The group believed to have been behind this attack, and most attacks using the malware, is the Turla group, which is likely part of the Russian intelligence community.