Epic Turla

Malware Profile Updated 3 months ago
Epic Turla, also known as Snake or Uroburos, is a sophisticated multi-stage malware attack that was extensively researched and documented in 2014. The campaign, dubbed "Epic Turla," was orchestrated by a group of attackers who utilized the Epic malware family, known for its dynamic and adaptive nature. These attackers were noted for their ability to switch between different exploits or methods depending on the resources available at any given time, demonstrating an advanced level of cyber-espionage proficiency.

Over a span of ten months, Kaspersky Lab researchers analyzed this expansive operation, which infected several hundred computers across more than 45 countries worldwide. The victims of these attacks included a wide range of high-profile targets such as government institutions, embassies, military establishments, educational institutions, research facilities, and pharmaceutical companies. This broad spectrum of targets underlines the serious threat posed by the Epic Turla operation.

The Epic Turla operation represents a significant milestone in the evolution of malware-based cyber-espionage. Its use of the Epic malware, a part of the Turla Advanced Persistent Threat (APT), and the wide-scale impact of its operations have made it a subject of keen interest among cybersecurity researchers. Notably, the Turla APT has been linked to other major cyber-espionage activities, including the Agent.btz operation, highlighting the persistent and evolving threat posed by this group of attackers.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Turla | 2 | Turla, also known as Pensive Ursa, is a sophisticated threat actor linked to Russia that has been active for many years. The group is known for its advanced cyber-espionage capabilities and has been associated with numerous high-profile breaches. According to the MITRE ATT&CK and MITRE Ingenuity dat |
| Agent.btz | 1 | Agent.btz, also known as ComRAT v4, is a remote access trojan (RAT) developed using C++ and employing a virtual FAT16 file system. This malicious software was one of the earliest backdoors used by Pensive Ursa, a cyber-espionage group. Notably, the malware is frequently used to exfiltrate sensitive |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Exploits
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Epic Turla Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| MITRE | a year ago | EKANS Ransomware and ICS Operations \| Dragos Dragos |
| Trend Micro | 10 months ago | Examining the Activities of the Turla APT Group |
| MITRE | a year ago | Mac Malware of 2017 |
| MITRE | a year ago | The ‘Penquin’ Turla |
| MITRE | a year ago | Introducing WhiteBear |
| MITRE | a year ago | The Epic Turla Operation |
| MITRE | a year ago | Shedding Skin - Turla’s Fresh Faces \| Securelist |