A Russian-linked group known as Turla has been deploying a secondary backdoor against numerous targets, Cisco Talos says. Turla disguises the malware as a legitimate Microsoft file that is named “Windows Time Service” The group has been active since the mid-1990s and is one of the oldest operating advanced persistent threat groups that have links to Russia’s FSB – formerly KGB – according to a study published in February by security researchers at VMware. The group includes Turla in a list of Russian-backed APT groups that includes APT28, APT29 and Sandworm.”]
Source: https://www.cuinfosecurity.com/russian-linked-group-using-secondary-backdoor-against-targets-a-17592