all InfoSec news
Tomiris called, they want their Turla malware back
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been associated to NOBELIUM/APT29/TheDukes) as well as Kazuar (which has been associated to Turla); however, interpreting these connections proved difficult.
We continued to track Tomiris as a separate threat actor over three new attack campaigns …
actor apt29 attack back called campaigns cis connections dns golang government hijack introduction investigation links malware nobelium organization report september shed states telemetry threat threat actor tomiris turla world