Targeting of Ukrainian organizations with old cybercrime malware
Date of report
  • January 2023
Affiliations
A Russian threat actor, Turla, used defunct command-and-control website domains to reactivate dormant backdoors installed before 2013 by criminal hackers. Turla then downloaded new information-stealing malware onto the infected networks to identify whether those networks would be valuable for espionage.
Suspected victims
  • Ukrainian organizations
Suspected state sponsor
  • Russian Federation
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response