Turla
-
First known sample
2007 -
Discovery
2014 -
Number of targets
100-1000 -
Current status
Active -
Type
Complex cyberattack platform -
Targeted platforms
Linux , Windows -
TOP targeted countries
Algeria , Belarus , Brazil , CIS , Ecuador , France , Germany , India , Iran , Kazakhstan , Latvia , Mexico , Poland , Russia , Saudi Arabia , Serbia , Spain , USA , United Arab Emirates , Vietnam -
Connected attacks
-
The way of propagation
Exploits , Social engineering , Watering hole attacks -
Purpose/Functions
Cyberespionage , Data wiping , Surveillance -
Special features
Usage of satellite internet connection to hide command and control servers
-
Targets
Academia/Research , Diplomatic organizations/embassies , Education , Government entities , Military , Pharmaceutical -
Artefacts/Attribution
Russian language artefacts
-
Description
A Russian-speaking APT active since at least 1997 when it was suspected of being responsible for the Moonlight Maze operation. The group has been implicated in many high profile incidents, including the 2008 attack against the US Central Command. This actor leverages a wide variety of malware and is capable of compromising web servers, deploying zero-day exploits, effectively spear-phishing targets, developing network worms, and staying unnoticed for long periods. Their main targets are located in Central Asia and CIS countries, but they’ve also attacked NATO, global embassies, and government agencies in the Middle East.