Epic Turla

Malware updated 7 months ago (2024-05-04T19:42:21.440Z)

Download STIX

Preview STIX

Epic Turla, also known as Snake or Uroburos, is a sophisticated multi-stage malware attack that was extensively researched and documented in 2014. The campaign, dubbed "Epic Turla," was orchestrated by a group of attackers who utilized the Epic malware family, known for its dynamic and adaptive nature. These attackers were noted for their ability to switch between different exploits or methods depending on the resources available at any given time, demonstrating an advanced level of cyber-espionage proficiency. Over a span of ten months, Kaspersky Lab researchers analyzed this expansive operation, which infected several hundred computers across more than 45 countries worldwide. The victims of these attacks included a wide range of high-profile targets such as government institutions, embassies, military establishments, educational institutions, research facilities, and pharmaceutical companies. This broad spectrum of targets underlines the serious threat posed by the Epic Turla operation. The Epic Turla operation represents a significant milestone in the evolution of malware-based cyber-espionage. Its use of the Epic malware, a part of the Turla Advanced Persistent Threat (APT), and the wide-scale impact of its operations have made it a subject of keen interest among cybersecurity researchers. Notably, the Turla APT has been linked to other major cyber-espionage activities, including the Agent.btz operation, highlighting the persistent and evolving threat posed by this group of attackers.

Description last updated: 2024-05-04T17:54:53.042Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Turla is a possible alias for Epic Turla. Turla, a threat actor linked to Russia, is known for its sophisticated cyber espionage operations. The group has been associated with numerous high-profile attacks, often utilizing advanced backdoors and fileless malware for infiltration and persistence. Turla's tactics, techniques, and procedures (	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Epic Turla Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
MITRE	2 years ago	EKANS Ransomware and ICS Operations \| Dragos Dragos
Trend Micro	a year ago	Examining the Activities of the Turla APT Group
MITRE	2 years ago	Mac Malware of 2017
MITRE	2 years ago	The ‘Penquin’ Turla
MITRE	2 years ago	Introducing WhiteBear
MITRE	2 years ago	The Epic Turla Operation
MITRE	2 years ago	Shedding Skin - Turla’s Fresh Faces \| Securelist