Meet the Epic Turla campaign that hacks governments


by Jimmy Nicholls | 08 August 2014

Malware employs mixture of zero day, social engineering and watering hole tactics.

A cyber espionage campaign targeting governments, schools and pharmaceutical companies has been uncovered by security firm Kaspersky.

Hackers behind Epic Turla, also called Snake or Uroburos, use a mixture of previously unknown "zero day" software bugs, social engineering and "watering hole" techniques, in which popular websites are compromised as a proxy for infecting the true targets.

The malware was also observed employing a Cobra/Carbon backdoor, which is more sophisticated than Epic Turla's own backdoor.

Costin Raiu, director of global research and analysis at Kaspersky, said: "The configuration updates for the 'Carbon system' malware are interesting, because this is another project from the Turla actor.

"This indicates that we are dealing with a multi-stage infection that begins with Epic Turla. The Epic Turla is used to gain a foothold and validate the high profile victim.

"If the victim is interesting, it gets upgraded to the full Turla Carbon system."

Once a user's machine is infected with Epic Turla, the malware connects to a command and control (C&C) server, which continues to provide it with instructions.

Malware recipients are said to be concentrated in the Middle East and Europe, though infected machines were found in more than 45 countries.

Though the campaign has been running since 2012, Kaspersky said its highest spike in activity was between January and February of this year.
