Turla APT, 3 Minute Profile

Follow us at:




QUESTION — What content would you like to see on our website and YouTube channel? Post in comments section of this video!


Turla APT AKA The Uroburos group uses spear phishing campaigns, drive-by-infections, watering hole attacks, and social engineering to push their malware onto target networks. In spear phishing campaigns, the target receives a tailored email containing an executable RAR self-extracting archive (SFX). If opened, then the malware unpacks and installs itself (a .SCR executable) on the user system. When the Uroburos rootkit infects a machine, it can: execute arbitrary code, hide its activity on a system, identify and exfiltrate information such as files, capture network traffic, and infect other systems on the network. Uroburos consists of a driver (.sys file) and an encrypted virtual file system (.dat file). The complex driver seems to be specifically designed to be discrete and difficult to identify. Uroburos’ preferred attack vectors are social engineering attacks, watering hole attacks and USB infection

turla apt
turla malware
turla group
uroboros re5