Turla, also known as Snake, is an espionage group notorious for having breached some heavilyprotected networks such as the US Central Command in 2008.
Since then, they have been busy attacking diplomats and military targets around the world. Among the notable victims were the Finnish Foreign Ministry in 2013, the Swiss military firm RUAG between 2014 and 2016, and more recently, the German government at the end of 2017/beginning of 2018.
In the latter case, several newspapers quickly released some information about the modusoperandi used by the attackers: they used email attachments to control the malware and also to transfer the stolen data from the system.
However, no technical information about this backdoor was publicly available. Herein, we release our in-depth analysis of this Turla backdoor, controlled via PDF attachments sent via email.
To read the whitepaper, please enter your details in the form.