Tomiris called, they want their Turla malware back

Kaspersky introduced Tomiris to the world in September 2021, following their investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Kaspersky researchers initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been associated to NOBELIUM/APT29/TheDukes) as well as Kazuar (which has been associated to Turla); however, interpreting these connections proved difficult.

Kaspersky continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group.

Read more…
Source: Kaspersky