Capibar Malware Used in Turla Espionage Attacks

Cyberespionage attacks on the defense sector in Ukraine and Eastern Europe have been tied to the Russian APT group Turla by Ukraine’s governmental computer emergency response team. The malware used, named Capibar, is spread through email attachments with malicious macros. It reportedly aims to steal files from the Signal messaging application in addition to documents and images from targeted systems, mainly targeting Microsoft Exchange servers. The attacks were linked to Turla due to the specific techniques and malware used.