Geonet : okt 4, 2021 9:34 PM : Product

A new study from Symantec is currently highlighting a cyber espionage campaign involving sophisticated malware under the names “Turla” which is also known as “Snake”, “Uroboros” and “Carbon”.

For years, Symantec has been following the activities of the group behind Turla and believes that Turla is a movement that targets attacks on the government sector, as can be seen from the targets chosen and the high-tech behavior of the malware.

Here is Symantec’s description of how to identify Turla:

Turla is a combination of malware that uses a Trojan. Wipbot as a reconnaissance tool and Trojan. While inside the victim’s computer, Turla is believed to have been used in spy operations or espionage for a period of 4 years now.

In infecting the victim, the attacker uses a fairly sophisticated method. For example, a watering hole attack is configured to only infect victims who come from a specific IP address range. Those specific IPs are only people within the targeted organization.

However, it seems that Turla belongs to a government-sponsored movement.

The current movement is the result of assault groups and is technically competent in breaking through many defense networks. This movement has at least infiltrated 84 official websites to facilitate watering hole attacks since September 2012.