The Russian Turla hacker group has targeted the Ukrainian defense sector and other Eastern European entities with a novel backdoor, dubbed DeliveryCheck, to deploy secondary payloads likely used for espionage, according to Microsoft.
Security researchers at Microsoft Threat Intelligence said DeliveryCheck is .NET-based malware distributed through emails carrying documents with malicious macros. The Computer Emergency Response Team of Ukraine confirmed Microsoft’s findings, saying it has monitored activity that includes targeted cyberattacks against defense forces using malware called Capibar – the same malware that Microsoft calls DeliveryCheck and Mandiant has dubbed Gameday.