Turla

  • First known sample

  • Discovery

  • Number of targets

  • Current status

  • Type

    Complex cyberattack platform
  • Targeted platforms

    Linux, Windows
  • TOP targeted countries

    Algeria, Belarus, Brazil, CIS, Ecuador, France, Germany, India, Iran, Kazakhstan, Latvia, Mexico, Poland, Russia, Saudi Arabia, Serbia, Spain, USA, United Arab Emirates, Vietnam
  • Connected attacks


More about the Turla group, its tactics, techniques, procedures and tools

  • The way of propagation

    Exploits, Social engineering, Watering hole attacks
  • Purpose/Functions

    Cyberespionage, Data wiping, Surveillance
  • Special features

    Usage of satellite internet connection to hide command and control servers

  • Targets

    Academia/Research, Diplomatic organizations/embassies, Education, Government entities, Military, Pharmaceutical
  • Artefacts/Attribution

    Russian language artefacts

  • Description

    A Russian-speaking APT active since at least 1997, when it was suspected of being responsible for the Moonlight Maze operation. The group has been implicated in many high-profile incidents, including the 2008 attack against the US Central Command. This actor leverages a wide variety of malware and is capable of compromising web servers, deploying zero-day exploits, effectively spear-phishing targets, developing network worms, and staying unnoticed for long periods. Their main targets are located in Central Asia and CIS countries, but they’ve also attacked NATO, global embassies, and government agencies in the Middle East.
