Epic Turla APT: espionage malware
Kaspersky has published an analysis of an espionage campaign based on the Uroburos malware (named Turla by Kaspersky), which G-Data discovered earlier this year. According to Kaspersky, Epic Turla uses two zero-days (CVE-2013-5065 and CVE-2013-3346) as a base for the distribution of Turla/Uroburos. As its initial attack vector for infecting victims, Epic Turla employs spear phishing, watering holes and other social engineering techniques.
The espionage campaign is directed at government organizations, military, embassies, educational and research institutions or pharmaceutical companies. Given the complexity of the malware involved, intelligence agencies are suspected of being responsible.
In December, Kaspersky published a new analysis in which they report and analyze a new variant of Turla aimed at Linux systems. This variant has been called Penquin Turla.
- 07/08/2014 securelist.com The Epic Turla Operation
- 28/02/2014 blog.gdatasoftware.com Uroburos - highly complex espionage software with Russian roots
- 08/12/2014 securelist.com The 'Penquin' Turla: A Turla/Snake/Uroburos Malware for Linux
- 08/12/2014 arstechnica.com Powerful, highly stealthy Linux trojan may have infected victims for years
- 26/01/2015 docs.broadcom.com The Waterbug attack group