Turla, also known as Snake or Uroburos, is one of the most sophisticated ongoing cyber-espionage campaigns. Targets of “Epic” belong to the following categories: government entities (Ministry of Interior, Ministry of Trade and Commerce, Ministry of Foreign/External Affairs, intelligence agencies), embassies, military, research and education organizations, and pharmaceutical companies.
The attackers use both direct spear-phishing e-mails and watering hole attacks to infect victims. Watering holes are websites commonly visited by potential victims. These websites are compromised in advance by the attackers and injected with malicious code. Depending on the visitor’s IP address (for instance, a government organization’s IP), the attackers serve Java or browser exploits, signed fake Adobe Flash Player software or a fake version of Microsoft Security Essentials.
Exposure of sensitive information
Malware Hash (MD5/SHA1/SHA256)