TinyTurla-NG in-depth tooling and command and control analysis

• Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.

• Talos also illustrates the post-compromise activity carried out by the operators of the TinyTurla-NG (TTNG) backdoor to issue commands to the infected endpoints. We found three distinct sets of PowerShell commands issued to TTNG …

analysis apt cert cisco cisco talos command command and control components compromise compromised control cooperation findings malicious ngo scripts servers talos tinyturla-ng tooling turla wordpress