Turla

  • First known sample

    2007
  • Discovery

    2014
  • Number of targets

    100-1000
  • Current status

    Active
  • Type

    Complex cyberattack platform
  • Targeted platforms

    Linux, Windows
  • Top targeted countries

    Algeria, Belarus, Brazil, CIS, Ecuador, France, Germany, India, Iran, Kazakhstan, Latvia, Mexico, Poland, Russia, Saudi Arabia, Serbia, Spain, USA, United Arab Emirates, Vietnam
  • Connected attacks

  • The way of propagation

    Exploits, Social engineering, Watering hole attacks
  • Purpose/Functions

    Cyberespionage, Data wiping, Surveillance
  • Special features
    Usage of satellite internet connection to hide command and control servers
  • Targets

    Academia/Research, Diplomatic organizations/embassies, Education, Government entities, Military, Pharmaceutical
  • Artefacts/Attribution
    Russian language artefacts
  • Description

    A Russian-speaking APT active since at least 1997, when it was suspected of being responsible for the Moonlight Maze operation. The group has been implicated in many high-profile incidents, including the 2008 attack against the US Central Command. This actor leverages a wide variety of malware and is capable of compromising web servers, deploying zero-day exploits, effectively spear-phishing targets, developing network worms, and staying unnoticed for long periods. Their main targets are located in Central Asia and CIS countries, but they’ve also attacked NATO, global embassies, and government agencies in the Middle East.
