A Russia-linked APT group uses PDF and MSBuild project files in a campaign that delivers the TinyTurla backdoor through socially engineered emails, showing an evolution in sophistication. The Turla APT, known for targeting NGOs supporting Ukraine, is likely behind the campaign and deploys PHP-based C2s on compromised websites. The attackers execute commands through the backdoor, which runs multiple threads for specific tasks such as 'upload' and 'download' in a seamless routine. This makes detection challenging, and defenders are advised to enhance email-filtering systems and restrict unauthorized use of MSBuild.

 Russia's Turla APT abuses MSBuild to deliver TinyTurla backdoor