Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Turla (malware)
open-in-new
<h2 id="malware">Malware</h2> <p>Turla has been targeting <a href="/facts/Government/N4bYL0VC">governments</a> and <a href="/facts/Military/kgNmLUnN">militaries</a> since at least 2008.<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a><a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a><a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p><p>In December 2014 there was evidence of it targeting operating systems running <a href="/facts/Linux/9FvCKSTq">Linux</a>.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p> <h2 id="group">Group</h2> <p>The advanced persistent threat hacking group has also been named Turla.<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> The group has probably been operating since the late 1990s, according to professor Thomas Rid of <a href="/facts/Johns_Hopkins_University/56US0mHw">Johns Hopkins University</a>.<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> Dan Goodin in <i><a href="/facts/Ars_Technica/zvnX7pnh">Ars Technica</a></i> described Turla as "Russian spies".<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> Turla has since been given other names such as <a href="/facts/Snake_(malware)/N7vRPldx">Snake</a>, Krypton, and Venomous Bear. </p> <h3>US actions against group</h3> <p>In May 2023 the <a href="/facts/United_States_Department_of_Justice/2SuTuevo">United States Department of Justice</a> announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself.<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> Affidavits from the <a href="/facts/FBI/UY93jwX6">FBI</a> and DOJ revealed that the group was part of the Russian <a href="/facts/Federal_Security_Service/2QqBHc6P">Federal Security Service</a> Center 16 group in <a href="/facts/Ryazan/AXtFvh25">Ryazan</a>.<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> </p> <h2 id="possible-goldenjackal-connection">Possible GoldenJackal connection</h2> <p><a href="/facts/ESET/roFfK0Kh">ESET</a> noted that the <a href="/facts/Botnet/bGspY7bJ">command and control</a> protocol used by <a href="/facts/GoldenJackal/lBqtl79f">GoldenJackal</a> malware is typically used by Turla, suggesting the groups may be connected.<a class="footnote-ref" id="fnref:14" href="#fn:14"><sup>14</sup></a> </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Agent.BTZ/EdJX59fe">Agent.BTZ</a></li> <li><a href="/facts/Red_October_(malware)/8oyIr5h3">Red October (malware)</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"The Russian Britney Spears Instagram hackers also used satellites to hide their tracks". Boing Boing. 8 June 2017. <a href="https://boingboing.net/2017/06/08/dvb-s.html" target="_blank">https://boingboing.net/2017/06/08/dvb-s.html</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Suspected Russian spyware Turla targets Europe, United States". Reuters. 2014-03-13. <a href="https://www.reuters.com/article/us-russia-cyberespionage-insight-idUSBREA260YI20140307" target="_blank">https://www.reuters.com/article/us-russia-cyberespionage-insight-idUSBREA260YI20140307</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Archived copy" (PDF). Archived from the original (PDF) on 2020-10-26. Retrieved 2018-03-01.{{cite web}}: CS1 maint: archived copy as title (link) <a href="https://web.archive.org/web/20201026005331/https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf" target="_blank">https://web.archive.org/web/20201026005331/https://www.valisluureamet.ee/pdf/raport-2018-ENG-web.pdf</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"Turla Hiding in the Sky: Russian Speaking Cyberespionage Group Exploits Satellites to Reach the Ultimate Level of Anonymity". kaspersky.com. 26 May 2021. <a href="https://www.kaspersky.com/about/press-releases/2015_turla-hiding-in-the-sky-russian-speaking-cyberespionage-group-exploits-satellites-to-reach-the-ultimate-level-of-anonymity" target="_blank">https://www.kaspersky.com/about/press-releases/2015_turla-hiding-in-the-sky-russian-speaking-cyberespionage-group-exploits-satellites-to-reach-the-ultimate-level-of-anonymity</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"Suspected Russian spyware Turla targets Europe, United States". Reuters. 2014-03-13. <a href="https://www.reuters.com/article/us-russia-cyberespionage-insight-idUSBREA260YI20140307" target="_blank">https://www.reuters.com/article/us-russia-cyberespionage-insight-idUSBREA260YI20140307</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>Brewster, Tom (7 August 2014). "Sophisticated 'Turla' hackers spying on European governments, say researchers". The Guardian. <a href="https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec" target="_blank">https://www.theguardian.com/technology/2014/aug/07/turla-hackers-spying-governments-researcher-kaspersky-symantec</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Turla: Spying tool targets governments and diplomats". <a href="https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=4501a782-fd84-4f44-a231-ee2a3e838c39&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" target="_blank">https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=4501a782-fd84-4f44-a231-ee2a3e838c39&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>Baumgartner, Kurt (8 December 2014). "The 'Penquin' Turla". securelist.com. <a href="https://securelist.com/the-penquin-turla-2/67962/" target="_blank">https://securelist.com/the-penquin-turla-2/67962/</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"The Russian Britney Spears Instagram hackers also used satellites to hide their tracks". Boing Boing. 8 June 2017. <a href="https://boingboing.net/2017/06/08/dvb-s.html" target="_blank">https://boingboing.net/2017/06/08/dvb-s.html</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>Greenberg, Andy (2023-05-20). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 2023-08-20. <a href="https://www.wired.com/story/turla-history-russia-fsb-hackers/" target="_blank">https://www.wired.com/story/turla-history-russia-fsb-hackers/</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>"You'll never guess where Russian spies are hiding their control servers". Ars Technica. 6 June 2017. <a href="https://arstechnica.com/security/2017/06/russian-hackers-turn-to-britney-spears-for-help-concealing-espionage-malware/" target="_blank">https://arstechnica.com/security/2017/06/russian-hackers-turn-to-britney-spears-for-help-concealing-espionage-malware/</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>Greenberg, Andy (2023-05-20). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 2023-08-20. <a href="https://www.wired.com/story/turla-history-russia-fsb-hackers/" target="_blank">https://www.wired.com/story/turla-history-russia-fsb-hackers/</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>Greenberg, Andy (2023-05-20). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 2023-08-20. <a href="https://www.wired.com/story/turla-history-russia-fsb-hackers/" target="_blank">https://www.wired.com/story/turla-history-russia-fsb-hackers/</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> <li id="fn:14"><p>Lyons, Jessica (2024-10-09). "Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware". The Register. Retrieved 2024-10-16. <a href="https://www.theregister.com/2024/10/09/goldenjackal_custom_malware/" target="_blank">https://www.theregister.com/2024/10/09/goldenjackal_custom_malware/</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></p></li> </ol>