Turla Technical Analysis Report

Executive Summary

This report provides a detailed analysis of the Turla cyberattack group, which has been operating since 2004 and is believed to be backed by the Russian state. Although Turla initially targeted western countries, over time it has expanded its area of operation to include many other regions.

This report analyses the various campaigns of the Turla cyberattack group and the targets of these campaigns. It has been found that the group uses various attack strategies such as phishing attacks, malware distribution operations, and malware distribution operations against public and private sector organisations.

One point that should be particularly emphasised is a backdoor software that is thought to belong to the Turla group. This backdoor software, named TinyTurla-NG by Cisco, is highly likely to pose a threat to institutions and organisations in the coming days.

As a result, the constantly evolving attack strategies of the Turla group pose a serious threat to corporate and individual users. The purpose of this report is to provide an understanding of the activities and objectives of the Turla group and to guide interested parties in protecting against such cyber attacks and taking preventive measures.

Turla Technical Analysis Report