KNOW is Netenrich’s threat intel dashboard and cybersecurity news aggregator. In its top stories, KNOW collated the latest chapter in the SolarWinds hack saga. This is a topic that we have covered extensively before, and it looks like there is a new twist in the tale. Security researchers have recently discovered a link between the SolarWinds hack and the Turla Group – an infamous Russian APT.
Who are the Turla Group?
Turla Group, also known as Waterbug, is the name given to the actors who use the malware tools Trojan.Wipbot (also known as Tavdig and Epic Turla) and Trojan.Turla (also known as Carbon, Uroburos, and Snake). The group has been active since 2005 and was responsible for the 2008 compromise of US Central Command, which resulted in a clean-up operation that lasted almost 14 months.
Industries targeted
- Information Technology
- Research
- Communication
- Aerospace And Defense
- Energy And Natural Resources
Why is Turla Group trending?
According to security researchers, the Sunburst backdoor used to carry out the SolarWinds supply-chain attack has been linked to the Turla advanced persistent threat (APT) group. In particular, researchers uncovered several code similarities between Sunburst and the Kazuar backdoor. Kazuar is malware written for the .NET framework and was first observed in 2015. Researchers had previously attributed it to the Turla group, although no conclusive link has been made public; Kazuar has been consistently seen alongside known Turla tools in multiple breaches over the past three years.
Twitter reacts
#1 Andy Greenberg
An 18yo Kaspersky researcher found malware clues linking the SolarWinds hackers to the suspected FSB hacker group Turla. Very far from confirmation Turla carried out the SolarWinds breach, but it's the first publicly verifiable evidence pointing to Russia. https://t.co/GJwyzoOkFf
— Andy Greenberg (@a_greenberg) January 11, 2021
#2 WIRED Gadget Lab
Security researchers have found links between the attackers and Turla, a sophisticated team suspected of operating out of Moscow's FSB intelligence agency. https://t.co/CZD68kpNOc
— WIRED Gadget Lab (@gadgetlab) January 12, 2021
#3 Virus Bulletin
Kaspersky researchers found code overlap between the Sunburst malware used in the SolarWinds supply chain attack and a backdoor known as Kazuar, linked to the Turla APT group https://t.co/UozHRoMSXW pic.twitter.com/FTJkXCkO0Y
— Virus Bulletin (@virusbtn) January 12, 2021
Turla Group references from KNOW
- Total references: 6,000
- Previous 60 days: 608
- Last 7 days: 254
Turla Group context from KNOW
- Domains: 29
- Hashes: 66
- URLs: 1
- Related Malware: 22
- Campaign: Mosquito campaign
- Related vulnerabilities: CVE-2008-3431 and CVE-2013-0808
KNOW our powerful threat intelligence platform
KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now. However, Netenrich’s offering isn’t just limited to threat intelligence. We offer a powerful combination of threat and attack surface intelligence.
Threat and Attack Surface Intelligence will help your SecOps to:
- Find hidden risks to your brand on the public Internet
- Stay informed about threats in minutes versus hours
- Act on the most critical threats first
- Reduce effort and alert fatigue
- Measure and demonstrate value
Find out more about Netenrich’s Attack Surface Intelligence (ASI) solution.