Home / Early Warning / Cybersecurity Highlights / Epic Turla APT: espionage malware

Epic Turla APT: espionage malware


Kaspersky has published an analysis of an espionage campaign, based in the malware Uroburos (named Turla by Kaspersky) discovered by G-Data earlier this year. According to Kaspersky, Epic Turla uses two zero-days (CVE-2013-5065 y CVE-2013-3346) as a base for the distribution of Turla/Uroburos. For infecting the victims, as an initial attack vector, Epic Turla employs spear phishing, watering holes and other social engineering techniques.

The espionage campaign is directed to government organizations, military, embassies, educational and research institutions or pharmaceutical companies. Given the complexity of the involved malware, intelligence agencies are suspected to be responsible.

In December, Kaspersky has published a new analysis in which they report an analyze a new variant of Turla aimed to Linux systems. This variant has been called Penquin Turla.