Russian hacking group Turla alters browser components to install malware

1711

Russian hacking group Turla which is speculated being funded by the Vladimir Putin led government has launched a cyber-attack campaign to alter browser components to install spying malware.

It is a malware campaign that is being used to modify encrypted web traffic on Chrome and Firefox browsers.

 

Previously, the group is known to compromise internet service providers with sophisticated attack campaigns and has now turned up with a browser altering campaigns especially launched on Google web service components.

 

The objective of this snooping campaign is to simply target political parties and probables before the elections and sniff their whereabouts.

 

FYI, Turla Malware happens to be the same hacking group that has previously installed a backdoor on Firefox in 2015.

 

How the attack is being carried out by Russia’s Turla Malware?

 

The hacking campaign takes plain in a straight forward way by infecting a system with Remote Access Trojan (RAT) allowing an access point to the hacker. Then it installs a fake certificate to track down TLS traffic from the host and then patches random connections with negotiated number generates.

 

Note- TURLA which propels in the dark world with other names such as Snake, Krypton and Venomous Bear has been targeting military and government agencies since 2008. In the year 2014, the malware was found infecting Linux Operating Systems.

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display