TurlaSat: The Fault in our Stars - Turla’s Exquisite Satlink Appropriation
by Kurt Baumgartner @k_sec Stefan Tenase @stefant
https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/Baumgartner-VB2015.pdf
This is a slide deck from an unknown conference(?) talking about Turla’s use of Satlink to carry out their cyber operations.
| Remark |
|---|
| Venomous Bear |
| APT |
| Penquin Turla |
| Agent.BTZ |
| Chinch aka ComRAT |
| Snake aka Turla |
| xor |
| tapi32d.exe |
| typecli.exe |
| dial-up |
| GPRS |
| Agent.dhe |
Links
- https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/
- https://securelist.com/blog/research/67962/the-penquin-turla-2/
- https://securelist.com/analysis/publications/65545/the-epic-turla-operation/
- https://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/
- http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html
- http://artemonsecurity.com/uroburos.pdf
- https://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml
- http://www.baesystems.com/en/cybersecurity/feature/the-snake-campaign
- https://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html
- http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf
- https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf
Follow up links: