Turla (malware)
 | This article may lack focus or may be about more than one topic. (June 2017) |
 | You can help expand this article with text translated from the corresponding article in Ukrainian. (June 2017) Click [show] for important translation instructions.
|
Turla or Uroboros (Russian: Турла) is a Trojan package that is suspected by computer security researchers and Western intelligence officers to be the product of a Russian government agency of the same name.[1][2][3]
High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by US and China, and low infection rates in Europe, South America and Asia (including India).[4]
Malware
[edit]Turla has been targeting governments and militaries since at least 2008.[2][5][6]
In December 2014 there was evidence of it targeting operating systems running Linux.[7]
Group
[edit]The advanced persistent threat hacking group has also been named Turla.[1] The group has probably been operating since the late 1990s, according to professor Thomas Rid of Johns Hopkins University.[8] Dan Goodin in Ars Technica described Turla as "Russian spies".[9] Turla has since been given other names such as Snake, Krypton, and Venomous Bear.
US actions against group
[edit]In May 2023 the United States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself.[8] Affidavits from the FBI and DOJ revealed that the group was part of the Russian Federal Security Service Center 16 group in Ryazan.[8]
Possible GoldenJackal connection
[edit]ESET noted that the command and control protocol used by GoldenJackal malware is typically used by Turla, suggesting the groups may be connected.[10]
See also
[edit]References
[edit]- ^ a b "The Russian Britney Spears Instagram hackers also used satellites to hide their tracks". Boing Boing. 8 June 2017.
- ^ a b "Suspected Russian spyware Turla targets Europe, United States". Reuters. 2014-03-13.
- ^ "Archived copy" (PDF). Archived from the original (PDF) on 2020-10-26. Retrieved 2018-03-01.
{{cite web}}: CS1 maint: archived copy as title (link) - ^ "Turla Hiding in the Sky: Russian Speaking Cyberespionage Group Exploits Satellites to Reach the Ultimate Level of Anonymity". kaspersky.com. 26 May 2021.
- ^ Brewster, Tom (7 August 2014). "Sophisticated 'Turla' hackers spying on European governments, say researchers". The Guardian.
- ^ "Turla: Spying tool targets governments and diplomats".
- ^ Baumgartner, Kurt (8 December 2014). "The 'Penquin' Turla". securelist.com.
- ^ a b c Greenberg, Andy (2023-05-20). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 2023-08-20.
- ^ "You'll never guess where Russian spies are hiding their control servers". Ars Technica. 6 June 2017.
- ^ Lyons, Jessica (2024-10-09). "Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware". The Register. Retrieved 2024-10-16.
 | This malware-related article is a stub. You can help Wikipedia by expanding it. |