Anti-Malware Research Whitepapers

Three New Pacifier APT Components Point to Russian-Linked Turla Group

In 2016, Bitdefender uncovered a new advanced persistent threat dubbed Pacifier, targeting government institutions starting in 2014. Using malicious .doc documents and .zip files distributed via spear phishing e-mails, attackers would lure victims with invitations to social functions or conferences into executing the attachments. Our previous analysis of the Pacifier components revealed that it’s capable of dropping multi-stage backdoors and that the analyzed first stage dropper is also known as “Skipper” by other security vendors.

The Turla group is known for its variety of APT attack tactics ranging from spear phishing to watering hole campaigns aimed at selectively infecting victims. While the previous sample analyzed by Bitdefender researchers dropped a Trojan using an infected attachment, ESET researchers uncovered a watering hole campaign that instructed victims to install a JavaScript backdoor presented as a Firefox extension. While implemented differently, there were striking similarities to the way the Turla group implements functionalities.

Our new whitepaper covers an in-depth analysis of the three new backdoor modules, as well a short description of their capabilities and features.

Sounds interesting? Download the full report now!

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.