As the Pure7 Incident Response Team, we have once again identified a threat actor belonging to the ransomware group we previously detected and referred to as “TurkAsist.” Following a period of inactivity in April 2025, the group has resumed its operations and launched a new phishing campaign specifically targeting professionals in the legal sector, particularly personnel who use the UYAP system.
The attackers have significantly improved their proficiency in the Turkish language, enabling them to craft highly convincing emails. They are distributing malicious .jar files via Google Drive, a method that makes threat detection more challenging and reflects a highly targeted attack strategy.
