Turla operations from a front row seat

Botconf 2020
2023-04-25 | 14:50 – 15:20

Matthieu Faou 🗣

Our research team at ESET has tracked the infamous Turla espionage group for many years. By leveraging unique telemetry data, forensic analysis of infected machines and in-depth malware reverse-engineering, we have gained a fairly comprehensive knowledge of their operations. Since our last talk in 2018, Turla's procedures have evolved and we would like to share fresh information about the group's Tools, Techniques and Procedures.
This presentation will first introduce the Turla group. We will present the main attacks publicly attributed to the group, which is mainly interested in high-profile targets such as government bodies and defense companies. We will also share what the attackers are looking for on compromised machines and try to reveal their motives.
Then, we will get more technical and showcase Turla’s implementation of the three classic steps of an APT campaign: infection, lateral movement and long-term persistence in order to reach their espionage objectives.

External link: Blog post
