Turla has been linked to 45 high-profile attacks, including the German Bundestag in 2014, the Ukrainian Parliament in 2014, and the French TV5 Monde in 2015. The group also targets organizations in the Middle East, particularly in the energy sector. Turla’s use of sophisticated methods and its focus on government and diplomatic targets has led experts to believe the group is working on behalf of the Russian government, although this has yet to be definitively proven.
Turla is known for using a variety of tactics to compromise networks, including “living off the land” techniques, watering hole attacks, spear-phishing emails, and compromised satellite connections. The group also uses publicly available tools like Metasploit and PowerShell, as well as Command and Control (C2) infrastructure like Google Drive and Dropbox. One of Turla’s primary tactics is the use of “second-stage” malware, which is activated after a victim’s initial infection and used to establish a backdoor into the network. From there, the group can steal sensitive information and move laterally within the network to gain access to other systems.
Turla is especially dangerous due to its use of advanced, next-level tactics. In recent years, the group has been observed using a unique malware called “Turla” or “KRYPTON” that can steal data from air-gapped computers not connected to the internet. The malware uses “audio exfiltration” to transmit data using the computer’s speakers and microphones. The group is extremely sophisticated and can evade detection for long periods of time. In 2014, for example, Turla maintained a foothold in a European government agency’s network for over two years before being discovered.
Turla is a highly sophisticated and persistent hacking group that has been known to target a wide range of organizations around the world. Without the right tools and partnership, defending against Turla is like wrestling a bear. The group’s use of highly sophisticated second-stage malware and its ability to evade detection make it a formidable threat, and one that organizations should be aware of and take immediate steps to protect against. This includes implementing robust, comprehensive security measures such as multi-factor authentication, intrusion detection and prevention systems, and regular security training for employees. Equally important, organizations should be vigilant in monitoring their networks for signs of compromise and should take prompt action if suspicious activity is detected.
Partnering with managed security providers can bring valuable expertise, resources, and technology to those looking to defend against the threat posed by Turla and similar groups. These providers can offer expert round-the-clock monitoring, incident response, and threat intelligence to help organizations stay ahead of the constantly evolving threat landscape.
This article was originally published in Forbes. Please follow me on LinkedIn.