This attack/breach fits the methods and motives of Turla, which is known for intelligence theft and espionage against government agencies in different countries.
The Turla hackers used backdoors and RATs
To disrupt the European governing body, the attackers used a combination of remote access trojans (RATs) and RPC-based backdoors, including HyperStack.
"Specifically, Accenture researchers found new command and control (C&C) configurations for Carla and Kazuar backdoors by Turla in the same network of a victim," said the ACTI researchers.
The Turla hacking group has breached thousands of systems belonging to governments, embassies, and educational and research institutions in more than 100 countries.
"Turla will probably continue to use its old tools, with some upgrades, to breach and maintain access in its victim networks, as these tools have proven effective in networks based on Windows," the investigators said.
ACTI advises all government agencies to check their networks for evidence of a breach. It also urges them to develop threat detection methods that will be able to prevent future Turla attacks.
Unorthodox espionage campaigns
The Turla hacking group (also known as Waterbug and VENOMOUS BEAR) has been active since 1996 and is considered a key suspect in attacks on the Pentagon and NASA, the US Central Administration, the Finnish Ministry of Foreign Affairs and Eastern European Ministries of Foreign Affairs.
Investigators say it is a hacking team funded by the Russian government that uses unorthodox methods for espionage.
For example, the hackers have created backdoor trojans with their own APIs to reverse communication flows, as well as malware that uses comments on Britney Spears' Instagram photos. They have also seized the infrastructure and malware of the Iranian hacking team OilRig to use them in their own campaigns.
In May, ESET spotted a new version of the ComRAT backdoor (controlled by Turla) that uses the Gmail interface in attacks aimed at stealing data from government institutions.
Also, according to Bleeping Computer, Kaspersky had discovered another piece of malware believed to be related to the Turla hacking group. It was a RAT named COMpfun, used in attacks against European diplomatic entities.