“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
https://threatpost.com/turla-apt-backdoor-afghanistan/174858/
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.
https://threatpost.com/yanluowang-ransomware-thieflock-threat-actor/176640/