Turla
Turla is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. Turla is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as Uroburos.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 LowAttribution signals
6 mentions · 2 sources"Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard"
"Kazuar malware continuously developed by Secret Blizzard has evolved from traditional backdoor to modular peer-to-peer botnet"
"The hacking group is known for its attacks targeting government, diplomatic, and defense sectors in Europe and Central Asia, as well as endpoints previously breached by Aqua Blizzard (aka Actinium and Gamaredon) to support the Kremlin's strategic objectives."
"The threat actor has historically targeted organizations in the government and diplomatic sector in Europe and Central Asia, as well as systems in Ukraine previously compromised by Aqua Blizzard, very likely for the purpose of obtaining information supporting Russia's foreign policy and military objectives."
"According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Russia-nexus actor is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB)."
"Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems."
Hedge terms observed