ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Satellite Turla

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Satellite Turla

NamesSatellite Turla
CategoryMalware
TypeBackdoor, Tunneling
Description(Kaspersky) The regular usage of satellite-based Internet links by the Turla group represents an interesting aspect of their operation. The links are generally up for several months, but never for too long. It is unknown if this is due to operational security limitations self-imposed by the group or because of shutdown by other parties due to malicious behavior.

The technical method used to implement these Internet circuits relies on hijacking downstream bandwidth from various ISPs and packet-spoofing. This is a method that is technically easy to implement, and provides a much higher degree of anonymity than possibly any other conventional method such as renting a VPS or hacking a legitimate server.
Information<https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.satellite_turla>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:satellite>

Last change to this tool card: 24 April 2021

Download this tool card in JSON format

All groups using tool Satellite Turla

ChangedNameCountryObserved

APT groups

XTurla, Waterbug, Venomous BearRussia1996-Feb 2021 HOT 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key