#
Turla Intelligence Summary
#
ATT&CK Group ID: G0010
Active since at least the early 2000s, Turla is a sophisticated Russian-based threat group that has exploited victims in more than 50 countries.1 The group has targeted government agencies, diplomatic missions, military groups, research and education facilities, critical infrastructure sectors, and media organizations.1 2 Turla leverages novel techniques and custom tooling and open-source tools to elude defenses and persist on target networks. 3 4 The group is also known for its adaptability and willingness to evolve behaviors and tools to achieve campaign objectives. 5 6 7 Turla is known for their targeted intrusions and innovative stealth. After establishing a foothold and conducting victim enumeration, Turla persists with a minimal footprint through in-memory or kernel implants. 8 9 Turla executes highly targeted campaigns aimed at exfiltrating sensitive information from Linux and Windows infrastructure.10 11
Associated Groups: IRON HUNTER, Group 88, Belugasturgeon, Waterbug, WhiteBear, Snake, Krypton, Venomous Bear
#
Technique Scope
#
Key Adversary Report References
#
Connect with us 🗨️
We 💖 feedback! Let us know how using ATT&CK Evaluation results has helped you and what we can do better.
Email: evals@mitre-engenuity.org Twitter: https://twitter.com/MITREengenuity LinkedIn: https://www.linkedin.com/company/mitre-engenuity/