Turla, a known Russian threat actor allegedly tied to the Kremlin, was observed recycling a decade-old and defunct malware to gain access to endpoints in Ukraine and spy on its targets.
A report by cybersecurity experts Mandiant found that in mid-2022, Turla was re-registering expired domains of Andromeda, a common banking trojan that was being widely distributed almost a decade ago – in 2013.
By doing so, the group would take over the malware’s command & control (C2) servers, gaining access to the once-infected endpoints and their sensitive information.