Codenamed "Crutch" by ESET researchers, the suspicious software has been assigned to Turla (also known as Venomous Bear or Snake) which is a Russian-based advanced hacker group known for its severe attacks against governments, embassies and military groups through various watering hole and spear-phishing methods starting from the year 2015 till the early 2020.

The Cyber Security firm while doing an analysis shared that the tools were designed to withdraw sensitive documents and other files to Dropbox accounts controlled by Turla operators.

Besides identifying strong links between a Crutch sample from 2016 and Turla's yet another second-stage secret door known as Gazer, the latest suspicious software in their diverse toolset points to the group's continued focus on spying against high-designated targets.Crutch is delivered either through the Skipper suite, a first-stage implant previously attributed to Turla with two different versions of the suspicious software spotted before and after mid-2019.

While the former included a secret door that communicates with a hardcoded Dropbox account using the official HTTP API , and it was responsible for receiving commands and uploading the results, the newer variant ("Crutch v4") denies the setup for a new feature which can automatically upload the files found on local and removable drives to Dropbox by using the Windows Wget utility.

ESRT Researcher Matthieu Faou stated that the sophistication of the attacks and technical details of the discovery further strengthen the perception that the Turla group has sufficient resources to operate such a large and diverse arsenal.