The Legendary Turla: The 25-Year Journey of a State-Sponsored Hacking Group

 

There is one group of state-sponsored hackers that cybersecurity analysts admire and study extensively: Turla. While many people might expect China or North Korea to be mentioned, Turla stands out for its subtle and long-lasting presence in Western networks. Recently, the US Justice Department and the FBI disrupted Turla's operations by targeting its malware, Snake, which is considered a premier espionage tool used by Russia's FSB intelligence agency. This operation confirmed earlier reports that Turla works for the FSB's Center 16 group in Russia.

Turla has been active for at least 25 years and is known for its sophistication, stealthiness, and persistence. It was even responsible for the first-ever cyberspying operation targeting the US, called Moonlight Maze. Despite the setback caused by the recent FBI action, experts believe that Turla will continue its activities. The group has a history of disappearing for years and then reemerging in highly protected networks, including those of the Pentagon, defense contractors, and European government agencies.

What sets Turla apart is its constant evolution and technical ingenuity. The group has pioneered various techniques such as USB worms, satellite-based hacking, and even hijacking other hackers' infrastructure. This combination of innovation and pragmatism makes Turla a unique and challenging group for cybersecurity researchers to track.
