February 8, 2023

Turla, a well-known Russian threat actor with alleged ties to the Kremlin, was observed recycling a decade-old extinct malware to gain access to endpoints in Ukraine and spy on its targets.

A report by cybersecurity experts Mandiant found that by mid-2022, Turla was re-registering expired domains for Andromeda, a common banking Trojan that had been widely distributed nearly a decade ago, in 2013.