Two of the Kremlin’s most active hacking units recently were spotted collaborating in malware attacks that compromise high-value devices located in Ukraine, security researchers said Friday.
One of the groups is Turla, which is easily one of the world’s most sophisticated advanced persistent threats (well-organized and well-funded hacking groups, many backed by nation states, that target specific adversaries for years at a time). Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently, the German Foreign Office and France's military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations. The group conducts narrowly targeted attacks on high-value targets and keeps a low profile.
Gamaredon, meanwhile, is a separate APT known for conducting much wider-scale operations, often targeting organizations in Ukraine. Whereas Turla takes pains to fly under the radar, Gamaredon doesn’t seem to care about being detected and linked to the Russian government. Its malware generally aims to collect as much information from targets as possible over a short period of time. Both Turla and Gamaredon are widely assessed to be units of Russia’s Russian Federal Security Service (FSB), the country’s chief security agency and successor of the Soviet Union’s KGB.
