Turla (malware) - Wikipedia

This article may lack focus or may be about more than one topic. Please help improve this article, possibly by splitting the article and/or by introducing a disambiguation page, or discuss this issue on the talk page. (June 2017)

You can help expand this article with text translated from the corresponding article in Ukrainian. (June 2017) Click [show] for important translation instructions.

Machine translation, like DeepL or Google Translate, is a useful starting point for translations, but translators must revise errors as necessary and confirm that the translation is accurate, rather than simply copy-pasting machine-translated text into the English Wikipedia.
Consider adding a topic to this template: there are already 319 articles in the main category, and specifying|topic= will aid in categorization.
Do not translate text that appears unreliable or low-quality. If possible, verify the text with references provided in the foreign-language article.
You must provide copyright attribution in the edit summary accompanying your translation by providing an interlanguage link to the source of your translation. A model attribution edit summary is Content in this edit is translated from the existing Ukrainian Wikipedia article at [[:uk:Змія (комп'ютерний хробак)]]; see its history for attribution.
You should also add the template {{Translated|uk|Змія (комп'ютерний хробак)}} to the talk page.
For more guidance, see Wikipedia:Translation.

Turla or Uroboros (Russian: Турла) is a Trojan package that is suspected by computer security researchers and Western intelligence officers to be the product of a Russian government agency of the same name.^[1]^[2]^[3]

High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by US and China, and low infection rates in Europe, South America and Asia (including India).^[4]

Malware[edit]

Turla has been targeting governments and militaries since at least 2008.^[2]^[5]^[6]

In December 2014 there was evidence of it targeting operating systems running Linux.^[7]

Group[edit]

The advanced persistent threat hacking group has also been named Turla.^[1] The group has probably been operating since the late 1990s, according to professor Thomas Rid of Johns Hopkins University.^[8] Dan Goodin in Ars Technica described Turla as "Russian spies".^[9] Turla has since been given other names such as Snake, Krypton, and Venomous Bear.

US actions against group[edit]

In May 2023 the United States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself.^[8] Affidavits from the FBI and DOJ revealed that the group was part of the Russian Federal Security Service Center 16 group in Ryazan.^[8]

References[edit]

^ ^a ^b "The Russian Britney Spears Instagram hackers also used satellites to hide their tracks". Boing Boing. 8 June 2017.
^ ^a ^b "Suspected Russian spyware Turla targets Europe, United States". Reuters. 2014-03-13.
^ "Archived copy" (PDF). Archived from the original (PDF) on 2020-10-26. Retrieved 2018-03-01.{{cite web}}: CS1 maint: archived copy as title (link)
^ "Turla Hiding in the Sky: Russian Speaking Cyberespionage Group Exploits Satellites to Reach the Ultimate Level of Anonymity". kaspersky.com. 26 May 2021.
^ Brewster, Tom (7 August 2014). "Sophisticated 'Turla' hackers spying on European governments, say researchers". The Guardian.
^ "Turla: Spying tool targets governments and diplomats".
^ Baumgartner, Kurt (8 December 2014). "The 'Penquin' Turla". securelist.com.
^ ^a ^b ^c Greenberg, Andy (2023-05-20). "The Underground History of Russia's Most Ingenious Hacker Group". Wired. Retrieved 2023-08-20.
^ "You'll never guess where Russian spies are hiding their control servers". Ars Technica. 6 June 2017.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism Attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Vault7 data breach Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Major vulnerabilities
publicly disclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

This malware-related article is a stub. You can help Wikipedia by expanding it.

Malware[edit]

Group[edit]

US actions against group[edit]

See also[edit]

References[edit]