ESET Exposes Turla Malware Attacks on European Diplomats

Turla, an infamous advanced persistent threat (APT) group, is using new PowerShell-based tools that provide direct, in-memory loading and execution of malware, executables and libraries. Researchers at ESET detected several attacks against diplomatic entities in Eastern Europe using PowerShell scripts, linking them to the group. Turla is believed to have been operating since at least 2008 when it successfully breached the U.S. military. It has also been involved in major attacks against many government entities in Europe and the Middle East – among them the German Foreign Office and the French military. The group is also known as Snake or Uroburos. According to Malwarebytes Labs, Turla uses what is thought to be Russian governmental malware. It has infected Linux and Mac operating systems but is mostly associated with infecting Windows systems.