Decrypt LOL

Turla Group Uses Pakistani Hackers' Servers for Espionage

Turla exploits Pakistani hacking group’s infrastructure for espionage. The Russia-linked APT group Turla has infiltrated the command-and-control servers of the Pakistan-based hacking group Storm-0156 since December 2022, using this access to deploy custom malware against Afghan government networks. This operation, detailed by Lumen Technologies and Microsoft, highlights Turla’s strategy of embedding within other threat actors’ operations to obscure attribution and enhance its own capabilities. Turla has utilized Storm-0156’s infrastructure to deploy backdoors like TwoDash and MiniPocket, while also leveraging previously established malware such as Crimson RAT. This tactic allows Turla to gather intelligence on targets in South Asia with minimal direct engagement, showcasing a significant escalation in their cyber espionage efforts.