Turla Group

GPTKB entity

Statements (70)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | cybercrime |
| gptkbp:activeYearsStart | at least 2004 |
| gptkbp:alsoKnownAs | gptkb:Dragon; gptkb:Uroburos; Venomous Bear; KRYPTON |
| gptkbp:countryOfOrigin | gptkb:Russia |
| gptkbp:enemyOf | spear phishing; watering hole attacks; credential theft; lateral movement; custom malware deployment |
| https://www.w3.org/2000/01/rdf-schema#label | Turla Group |
| gptkbp:language | gptkb:Russian |
| gptkbp:mainActivity | cybercrime |
| gptkbp:MITRE_ATT&CK_ID | gptkb:G0010 |
| gptkbp:notableEvent | 2014 Uroburos discovery; attacks on US and European government agencies; attacks on embassies in Europe and the Middle East; compromise of satellite communications |
| gptkbp:notableTool | gptkb:ICEDCOFFEE; gptkb:WhiteBear; gptkb:Dragon; gptkb:HyperStack; gptkb:LightNeuron; gptkb:Mosquito_backdoor; gptkb:Reductor; gptkb:Agent.BTZ; gptkb:ComRAT; gptkb:Epic_Turla; gptkb:Gazer; gptkb:Kazuar; gptkb:Metasploit; gptkb:Carbon; gptkb:Nautilus; PowerShell scripts; Outlook backdoor; Crutch; credential harvesting tools; custom rootkits; encrypted C2 infrastructure; satellite-based C2 channels; watering hole exploit kits |
| gptkbp:reportsTo | gptkb:UK_National_Cyber_Security_Centre; gptkb:US_Department_of_Justice; gptkb:ESET; gptkb:FireEye; gptkb:Kaspersky_Lab; gptkb:Symantec |
| gptkbp:suspectedAffiliation | gptkb:FSB; gptkb:Russian_government |
| gptkbp:target | gptkb:energy; research institutions; government organizations; military organizations; diplomatic entities |
| gptkbp:TTPs | living off the land techniques; use of encrypted communications; use of custom backdoors; use of legitimate software for persistence |
| gptkbp:usesMalware | gptkb:Dragon; gptkb:Agent.BTZ; gptkb:ComRAT; gptkb:Epic_Turla; gptkb:Gazer; gptkb:Kazuar; gptkb:Uroburos; gptkb:Carbon |
| gptkbp:bfsParent | gptkb:Kazuar |
| gptkbp:bfsLayer | 6 |