
A rare overlap in malware delivery and targets recently between two separate and traditionally very different Russian hacking groups appears to indicate some type of pooling of their resources.
Researchers from Kaspersky Lab spotted Turla - aka Venemous Bear/Snake/ Uroburos - using the same method of malware delivery used by Zebrocy, a subgroup of Sofacy - aka Fancy Bear/APT 28 - and each going after some of the same geopolitical targets in central Asia.
Specifically, Zebrocy dropped its JavaScript-based KopiLuwak backdoor malware in much the same manner as Zebrocy had dropped its malware a month before in other attacks.
Costin Raiu, director of Kaspersky's global research and analysis team, says it's either that the two groups have access to the same developer resources,...(continued)