Turla
G00104 reportsAnalyst assessment — key judgments
- Signature techniques: T1059.001 (PowerShell), T1583.006 (Web Services), T1559 (Inter-Process Communication).
- Primary targeting: RU, UA, IT, US.
- Activity accelerating: 3 report(s) in last 30d vs 1 prior (+200%).
- Recent movement: 17 new technique(s), 157 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 47% of 17 observed techniques (9 gap(s)).
- Assessment confidence: medium (61).
Activity & trend
Movement — last 30 days
Vulnerabilities in this actor's reporting · 1
- CVE-2025-8088KEV1 rpt
Overview
Turla is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least 2004, spanning a range of industries including government, embassies, military, education, research and pharmaceutical companies. Turla is known for conducting watering hole and spearphishing campaigns, and leveraging in-house tools and malware, such as Uroburos.(Citation: Kaspersky Turla)(Citation: ESET Gazer Aug 2017)(Citation: CrowdStrike VENOMOUS BEAR)(Citation: ESET Turla Mosquito Jan 2018)(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023)
ATT&CK technique matrix
- T1059.001 · PowerShellconf 652
- T1583.006 · Web Servicesconf 652
- T1559 · Inter-Process Communicationconf 652
- T1584.006 · Web Servicesconf 652
- T1053.005 · Scheduled Taskconf 601
- T1204.002 · Malicious Fileconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1589.001 · Credentialsconf 601
- T1047 · Windows Management Instrumentationconf 601
- T1059.007 · JavaScriptconf 601
- T1574.014 · AppDomainManagerconf 601
- T1036 · Masqueradingconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|