Crutch malware. Is Russian espionage lurking in your network?

US Cyber Command has found up to eight new malware types, developed by Russian-based hackers, that have been involved in recent attacks.

Today, cyber security experts reveal the details behind one infamous piece of malware known as “Crutch”. As malware goes, this beast from the east is relatively old, and it used backdoors to steal sensitive files from organisations around the world.

Amongst others, “Crutch” is known to have successfully infiltrated at least one Ministry of Affairs within the European Union.

The malware has been associated with the Russian-based hacker group Turla, which has been linked with attacks on European and former Eastern Bloc countries, as well as the United States, for over a decade. In 2014, Symantec discovered a Windows-based version of malware that attacked embassies and government departments. A few months later Kaspersky Lab discovered a similar attack on Linux-based systems.

“Crutch” was designed to find sensitive documents and secretly transfer them to external Dropbox accounts, where the hackers could anonymously steal the information. Because Dropbox is a commonly used service, this malware’s activity is harder to spot through network traffic and traditional security infrastructure.
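Because the destination domain alone does not separate exfiltration from normal Dropbox use, a detection has to look at which process is talking and in which direction the bytes flow. The sketch below is an added example, not code from the research described here; the log format, host and process names, allowlist and threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Public hostnames of the Dropbox HTTP API.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Assumption: the only process approved to talk to Dropbox in this environment.
APPROVED_PROCESSES = {"dropbox.exe"}
# Assumption: total upload volume per host/process that merits review.
UPLOAD_THRESHOLD_BYTES = 5_000_000

# Constructed sample proxy/EDR records, not real telemetry.
SAMPLE_LOG = """\
timestamp,host,process,dest_host,bytes_out,bytes_in
2020-12-03T09:00:01,WS-014,dropbox.exe,content.dropboxapi.com,8200000,12000
2020-12-03T09:02:10,WS-014,chrome.exe,www.dropbox.com,4000,900000
2020-12-03T02:13:44,WS-207,svc_helper.exe,content.dropboxapi.com,3900000,2100
2020-12-03T02:14:02,WS-207,svc_helper.exe,content.dropboxapi.com,4100000,1900
2020-12-03T02:14:30,WS-207,svc_helper.exe,api.dropboxapi.com,1200,800
2020-12-03T10:30:00,WS-090,outlook.exe,api.dropboxapi.com,900,700
"""

def find_suspicious_uploads(log_text, threshold=UPLOAD_THRESHOLD_BYTES):
    """Return [(host, process, bytes_out, bytes_in)] for unapproved processes
    whose traffic to the Dropbox API is upload-heavy and above the threshold."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dest_host"].lower() not in DROPBOX_API_HOSTS:
            continue  # not Dropbox API traffic
        if row["process"].lower() in APPROVED_PROCESSES:
            continue  # sanctioned sync client
        key = (row["host"], row["process"])
        totals[key][0] += int(row["bytes_out"])
        totals[key][1] += int(row["bytes_in"])
    findings = []
    for (host, process), (out_b, in_b) in totals.items():
        # Uploads dominating downloads is the shape of exfiltration, not sync.
        if out_b >= threshold and out_b > in_b:
            findings.append((host, process, out_b, in_b))
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for host, process, out_b, in_b in find_suspicious_uploads(SAMPLE_LOG):
        print(f"{host} {process}: {out_b} bytes up / {in_b} bytes down to Dropbox API")
```

Process names are easy to spoof, so in production the allowlist should match the approved client by code-signing identity or install path rather than by name.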

The malware demonstrates Turla’s continued focus on state and company espionage of high-profile targets. As part of the study, a newer variant of the malware was discovered. This demonstrates continued development of the malware, exposing information on both unprotected computers and removable storage devices.

If you do not know if you have Crutch, or any other sophisticated attack active in your network, contact Fundamentals First and get protected with our fully scalable, outsourced Security Operations Centre.
