In particular, the Russian hackers siphoned data from computers at the foreign ministry of a European Union country.
Eset security researchers have discovered a backdoor, dubbed Crutch, that was reportedly used by the Turla hacking group to spy on, among other targets, several machines at the Ministry of Foreign Affairs of a European Union country. The Estonian secret services believe that the Turla group is an offshoot of the FSB, the Russian secret service that succeeded the KGB.
What sets Crutch apart is its use of a Dropbox account to exfiltrate the data collected from the targeted machines. In some versions of the backdoor, this Dropbox account also served as a command-and-control channel.
[Figures: Eset – Exfiltration and C&C by Dropbox; Eset – Exfiltration by Dropbox]
Eset found two different installation methods, including one based on the open-source PowerShell Empire tool. “This discovery shows that the Turla group has considerable resources to exploit a large and diverse arsenal,” conclude the Eset researchers.
Source: Eset