Continuous Cyber espionage operation: code name TURLA
March 13, 2014

A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs uncovered to date.

Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the U.S. military uncovered in 2008.

The threat surfaced this week after a little-known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos, a name that appears as text in the code and may be a reference to the Greek symbol of a serpent eating its own tail.

Security experts say stealthy Turla belongs to the same family as one of the most notorious pieces of spyware uncovered to date: Agent.BTZ. It was used in a massive cyber espionage operation on U.S. Central Command that surfaced in 2008 and is one of the most serious U.S. breaches to date. While Washington never formally attributed blame, several U.S. officials have told Reuters they believed it was the work of Russia.

The malware is a "root kit" that hides the presence of the spying operation and also creates a hidden, encrypted file system to store stolen data and tools used by the attackers, he said. Those tools include password stealers, tiny programs for gathering information about the system and document stealers.

They have used dozens of different "command and control" servers located in countries around the world to control infected systems, according to Symantec, whose researchers have helped identify and shut down some of those systems.

Researchers say Turla's code is regularly updated, including changes to avoid detection as anti-virus companies detect new strains. BAE said it had two samples created in January 2014.

For more detailed information about TURLA, please visit:

http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307

and

http://www.securelist.com/en/blog/8191/Agent_btz_a_source_of_inspiration

and

http://www.kaspersky.com/about/news/virus/2014/How-Turla-and-worst-breach-of-US-military-computers-in-history-are-connected
© 2008 TRA. All rights reserved.