Russia-linked threat group Turla has released new variants of the KopiLuwak Trojan in attacks detected since the beginning of this year, Kaspersky’s security researchers reveal.
Also known as Venomous Bear, Waterbug, and Uroboros, the threat actor was discovered in 2014, but its roots go back at least a decade before. The group is mainly focusing on diplomatic and government-related targets in the Middle East, Central and Far East Asia, Europe, North and South America and former Soviet bloc nations.
This year, Turla has been updating its portfolio of tools, albeit using a familiar coding style. One of the previously tools used by the group is LightNeuron, a sophisticated backdoor designed to hijack Microsoft Exchange mail servers.