New Turla cybergroup tool discovered

06 September 2017, 09:00 | Technologies

ESET reports the discovery of a previously unknown malicious program used in attacks on government and diplomatic institutions in Europe and the former Soviet republics.

This concerns a cybercrime program called Turla. Users in more than 45 countries have been affected by the intruders' actions. The organizers behind this large-scale attack are presumed to be Russian-speaking.

The Turla cybergroup specializes in cyber espionage. The hackers use a wide range of tools, one of which is the newly discovered backdoor called Gazer.

The study showed that the malware is installed on computers in several countries around the world, but mostly in Europe. Gazer receives tasks in encrypted form from a remote command server and executes them on the infected system or on other machines on the network. Each Gazer sample has unique keys for encrypting and decrypting the data it sends and receives.

Gazer's authors use their own library for 3DES and RSA encryption instead of publicly available ones.

Notably, the attackers use a virtual file system to keep the malicious program from being detected by antivirus products. This allows the attack to continue even if the computer uses modern security tools.

"The authors of Gazer have done a great job to avoid its detection. For this, in particular, it is intended to delete files from a compromised system and change lines of code," say experts.



