Turla (malware)

Turla or Uroboros (Russian: Турла) is a Trojan package that is suspected by computer security researchers and Western intelligence officers to be the product of a Russian government agency of the same name.[1][2][3]

High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by the US and China, and low infection rates in Europe, South America and Asia (including India).[4]

Malware

Turla has been targeting governments and militaries since at least 2008.[2][5][6]

In December 2014, there was evidence of it targeting systems running Linux.[7]

Group

The advanced persistent threat hacking group has also been named Turla.[1] The group has probably been operating since the late 1990s, according to professor Thomas Rid of Johns Hopkins University.[8] Dan Goodin in Ars Technica described Turla as "Russian spies".[9] Turla has since been given other names such as Snake, Krypton, and Venomous Bear.

US actions against group

In May 2023 the United States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself.[8] Affidavits from the FBI and DOJ revealed that the group was part of the Russian Federal Security Service Center 16 group in Ryazan.[8]

Possible GoldenJackal connection

ESET noted that the command and control protocol used by GoldenJackal malware is typically used by Turla, suggesting the groups may be connected.[10]

References

  1. "The Russian Britney Spears Instagram hackers also used satellites to hide their tracks". Boing Boing. 8 June 2017.
  2. "Suspected Russian spyware Turla targets Europe, United States". Reuters. 13 March 2014.
  3. "Archived copy" (PDF). Archived from the original (PDF) on 26 October 2020. Retrieved 1 March 2018.
  4. "Turla Hiding in the Sky: Russian Speaking Cyberespionage Group Exploits Satellites to Reach the Ultimate Level of Anonymity". kaspersky.com. 26 May 2021.
  5. Brewster, Tom (7 August 2014). "Sophisticated 'Turla' hackers spying on European governments, say researchers". The Guardian.
  6. "Turla: Spying tool targets governments and diplomats".
  7. Baumgartner, Kurt (8 December 2014). "The 'Penquin' Turla". securelist.com.
  8. Greenberg, Andy (20 May 2023). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 20 August 2023.
  9. "You'll never guess where Russian spies are hiding their control servers". Ars Technica. 6 June 2017.
  10. Lyons, Jessica (9 October 2024). "Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware". The Register. Retrieved 16 October 2024.