Meet the Epic Turla campaign that hacks governments

Malware employs mixture of zero day, social engineering and watering hole tactics.

By Jimmy Nicholls

A cyber espionage campaign targeting governments, schools and pharmaceutical companies has been uncovered by security firm Kaspersky.

Hackers behind Epic Turla, also called Snake or Uroburos, use a mixture of "zero day" software bugs, social engineering and "watering hole" techniques, in which popular websites are compromised as a proxy for infecting the true targets.

The malware was also observed employing a Cobra/Carbon backdoor, which is more sophisticated than Epic Turla's own backdoor.

Costin Raiu, director of global research and analysis at Kaspersky, said: "The configuration updates for the ‘Carbon system’ malware are interesting, because this is another project from the Turla actor.

"This indicates that we are dealing with a multi-stage infection that begins with Epic Turla. The Epic Turla is used to gain a foothold and validate the high profile victim.

"If the victim is interesting, it gets upgraded to the full Turla Carbon system."

Once a machine is infected, Epic Turla connects to a command and control (C&C) server, which continues to provide the malware with instructions.

Malware recipients are said to be concentrated in the Middle East and Europe, though infected machines were found in more than 45 countries.

Though the campaign has been running since 2012, Kaspersky said its highest spike in activity was between January and February of this year.
