Epic Turla

Malware Profile Updated 24 days ago
Epic Turla, also known as Snake or Uroburos, is a sophisticated multi-stage malware attack that was extensively researched and documented in 2014. The campaign, dubbed "Epic Turla," was orchestrated by a group of attackers who utilized the Epic malware family, known for its dynamic and adaptive nature. These attackers were noted for their ability to switch between different exploits or methods depending on the resources available at any given time, demonstrating an advanced level of cyber-espionage proficiency.

Over a span of ten months, Kaspersky Lab researchers analyzed this expansive operation, which infected several hundred computers across more than 45 countries worldwide. The victims of these attacks included a wide range of high-profile targets such as government institutions, embassies, military establishments, educational institutions, research facilities, and pharmaceutical companies. This broad spectrum of targets underlines the serious threat posed by the Epic Turla operation.

The Epic Turla operation represents a significant milestone in the evolution of malware-based cyber-espionage. Its use of the Epic malware, a part of the Turla Advanced Persistent Threat (APT), and the wide-scale impact of its operations have made it a subject of keen interest among cybersecurity researchers. Notably, the Turla APT has been linked to other major cyber-espionage activities, including the Agent.btz operation, highlighting the persistent and evolving threat posed by this group of attackers.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Turla | 2 | Turla, also known as Pensive Ursa, Snake, Uroburos, Waterbug, Venomous Bear, and KRYPTON, is a threat actor that has been active since at least 2004. This group, which is believed to be Russia-sponsored, primarily targets diplomatic and government organizations, private businesses, and non-governmen |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Epic Turla Malware was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| MITRE | a year ago | The ‘Penquin’ Turla |
| Trend Micro | 8 months ago | Examining the Activities of the Turla APT Group |
| MITRE | a year ago | The Epic Turla Operation |
| MITRE | a year ago | EKANS Ransomware and ICS Operations \| Dragos Dragos |
| MITRE | a year ago | Introducing WhiteBear |
| MITRE | a year ago | Mac Malware of 2017 |
| MITRE | a year ago | Shedding Skin - Turla’s Fresh Faces \| Securelist |