Open Source Intelligence reports for activity attributed to Turla espionage group

A consolidated list of reports that describe Turla activities

Different names given to this group by vendors:

index URL Date Published
1 http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html 2008-11-30
2 https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf 2014-02-01
3 https://securelist.com/the-epic-turla-operation/65545/ 2014-08-07
4 https://www.gdatasoftware.com/blog/2015/01/23927-evolution-of-sophisticated-spyware-from-agent-btz-to-comrat 2015-01-15
5 https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/ 2015-09-05
6 https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf 2016-01-14
7 https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf 2016-05-23
8 https://securelist.com/kopiluwak-a-new-javascript-payload-from-turla/77429/ 2017-02-02
9 https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/ 2017-03-30
10 https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/ 2017-06-06
11 https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack 2017-08-17
12 https://www.carbonblack.com/2017/08/18/threat-analysis-carbon-black-threat-research-dissects-png-dropper/ 2017-08-18
13 https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf 2017-08-XX
14 https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf 2018-01-XX
15 https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/ 2018-05-22
16 https://www.welivesecurity.com/2018/08/22/turla-unique-outlook-backdoor/ 2018-08-22
17 https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/november/turla-png-dropper-is-back/ 2018-11-22
18 https://www.welivesecurity.com/2019/05/07/turla-lightneuron-email-too-far/ 2019-05-07
19 https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/ A dive into Turla PowerShell usage 2019-05-29
20 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/waterbug-espionage-governments 2019-06-20
21 https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/ 2019-07-15
22 https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/ 2020-03-12
23 https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/ 2020-05-26
24 https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity 2020-10-27
25 https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/cisa-fbi-and-cnmf-identify-new-malware-variant-comrat 2020-10-29
26 https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/ 2020-12-02
27 https://unit42.paloaltonetworks.com/ironnetinjector/ 2021-02-19
28 https://blog.talosintelligence.com/2021/09/tinyturla.html 2021-09-21