Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Kazuar Trojan Masks As Sysinternals

The Turla group has changed its Kazuar backdoor and used a newer .NET obfuscator to make analysis more difficult. The actor uses the well-known Sysinternals brand to pass the files off as genuine Sysinternals tools; however, a quick analysis proves otherwise. McAfee's telemetry shows activity from July 2019 to mid-2020 for some of the samples, but the reporting rate is low, indicating a very specific and targeted use of the trojan.

Name | Modified Date | Sources
Operation Kazuar Trojan Masks As Sysinternals | 2020-06-19 |