
Turla Group: Do You KNOW This Threat Actor?

New evidence links the infamous SolarWinds hack to this threat actor.

Post by Rajarshi Mitra Jan 13, 2021

KNOW is Netenrich’s threat intel dashboard and cybersecurity news aggregator. In its top stories, KNOW collated the latest chapter in the SolarWinds hack saga. This is a topic that we have covered extensively before, and it looks like there is a new twist in the tale. Security researchers have recently discovered a link between the SolarWinds hack and the Turla Group – an infamous Russian APT.


Who are the Turla Group?

Turla Group or Waterbug is the name given to the actors who use the malware tools Trojan.Wipbot (also known as Tavdig and Epic Turla) and Trojan.Turla (also known as Carbon, Uroburos, and Snake). This group has been active since 2005 and was responsible for the 2008 compromise of US Central Command that resulted in a clean-up operation that lasted almost 14 months. 

Industries targeted

  • Information Technology
  • Research
  • Communication
  • Aerospace And Defense
  • Energy And Natural Resources

Why is Turla Group trending?

According to security researchers, the Sunburst backdoor used to conduct the SolarWinds supply-chain attack has been linked to the Turla advanced persistent threat (APT) group. In particular, researchers uncovered several code similarities between Sunburst and the Kazuar backdoor. Kazuar is malware written for the .NET framework and was observed for the first time in 2015. Researchers had attributed it to the Turla group, even though no solid link has been made public. Kazuar has been consistently associated with known Turla tools during multiple breaches in the past three years.


Turla Group references from KNOW


  • Total references: 6,000
  • Previous 60 days: 608
  • Last 7 days: 254

Turla Group context from KNOW


  • Domains: 29
  • Hashes: 66
  • URLs: 1
  • Related malware: 22
  • Campaign: Mosquito campaign
  • Related vulnerabilities: CVE-2008-3431 and CVE-2013-0808

KNOW our powerful threat intelligence platform


KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now. However, Netenrich’s offering isn’t just limited to threat intelligence. We offer a powerful combination of threat and attack surface intelligence.

Threat and Attack Surface Intelligence will help your SecOps to:

  • Find hidden risks to your brand on the public Internet
  • Stay informed about threats in minutes versus hours
  • Act on the most critical threats first
  • Reduce effort and alert fatigue
  • Measure and demonstrate value.


About the Author

Rajarshi Mitra

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat.
