tom

Tomiris called, they want their Turla malware back

This one was pretty interesting, overlapping with Turla activity.

> The threat actor targets government and diplomatic entities in the CIS. The occasional victims discovered in other regions (such as the Middle East or South-East Asia) turn out to be foreign representations of CIS countries, illustrating Tomiris’s narrow focus.

https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/

Tomiris called, they want their Turla malware back

In this blog post, we’re excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla.

Kaspersky
Apr 25, 2023 at 7:51pmWeb
Show threadtomApr 25, 2023

But Turla it seems to be not:

> […] Turla and Tomiris are separate actors. Tomiris is undoubtedly Russian-speaking, but its targeting and tradecrafts are significantly at odds with what we have observed for Turla. In addition, Tomiris’s general approach to intrusion and limited interest in stealth are significantly at odds with documented Turla tradecraft. […]

#turla #threat #tomiris