Turla

G0010 (MITRE ATT&CK) · Russia · Espionage

Also known as: IRON HUNTER · Group 88 · Waterbug · WhiteBear · Snake · Krypton · Venomous Bear · Secret Blizzard · BELUGASTURGEON

Overview

Turla is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. Turla is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as Uroburos.

Targets

Education · Energy · Government · Healthcare · Military · Private sector

Regions

Belarus · France · Germany · India · Iran · Iraq · Kazakhstan · Netherlands · Poland · Romania · Russia · Saudi Arabia · South Korea · Tajikistan · United Kingdom · United States · Uzbekistan

Capabilities

  • Custom malware/implant development — ATT&CK: 17 attributed custom malware families

TTPs — 68 techniques across 13 tactics

Resource Development

Initial Access

Execution

Credential Access

Lateral Movement

Command and Control

Exfiltration

Tools & malware (30)

PsExec · nbtstat · ComRAT · netstat · certutil · Empire · Mosquito · KOPILUWAK · IronNetInjector · LunarWeb · Arp · Crutch · Uroburos · PowerStallion · Gazer · Kazuar · Systeminfo · LightNeuron · Carbon · Mimikatz · Tasklist · LunarMail · Net · Reg · HyperStack · Epic · NBTscan · TinyTurla · Penquin · LunarLoader

Reporting (3)