The Hidden Chronicles of Turla: The Pinnacle of Russia’s Hacker Groups

June 1, 2023

In a fascinating article about Turla, the enigmatic hacker group, Andy Greenberg spins a tale set in the murky depths of the internet, woven through with threads of brilliant invention, stealth, and resilience. It starts in the shadowy corners of Russia’s cyberspace, where Turla has carved its notorious name. Lauded as “adversary number one,” Turla has surpassed 25 years of cybersecurity espionage, earning begrudging admiration from Western intelligence analysts.

So, who is Turla?

Nestled deep within the confines of Russia’s FSB intelligence agency, this hacker group, also known as Venomous Bear and Waterbug, has successfully infiltrated networks across the West, undetected and uninterrupted. From pioneering the first-ever cyber spying operation against the US to its signature Snake malware, Turla has demonstrated exceptional dexterity in cyber warfare.

The FBI and DOJ recently dealt a blow to Turla’s global spying campaigns by dismantling an operation that had infected computers in over 50 countries. This operation, however, merely unveiled the tip of Turla’s iceberg. As Thomas Rid, a professor of strategic studies at Johns Hopkins University, suggests, the group’s longevity and stealth point to its future resilience. “Really, it’s adversary number one,” he posits.

Turla’s saga unfolds over 25 years of relentless evolution and innovative assaults, often disappearing for years before making a triumphant comeback. Their toolbox encompasses USB worms, satellite-based hacking, and hijacking other hackers’ infrastructure, each time showcasing their remarkable technical ingenuity.

Turla’s striking portfolio includes the Moonlight Maze operation, where it deftly siphoned American secrets on a massive scale, and Agent.btz, a malware that successfully infiltrated the classified network of the DOD’s US Central Command. More recently, Turla hijacked another hacker group’s infrastructure to commandeer their entire spying operation, adding a further layer of confusion to the investigation. These episodes underscore Turla’s ingenuity and skill, which continue to present challenges to cybersecurity firms worldwide.


FBI’s Battle with Turla

Recently, the FBI struck back against Turla, dismantling the Snake network. While this operation no doubt represents a setback for Turla, history warns us not to celebrate too early. As Bob Gourley, a former US Defense Department intelligence officer, puts it, “This is an infinite game. If they’re not already back in those systems, they will be soon. They’re not going away. This is not the end of cyberespionage history. They will definitely, definitely be back.”

This tale paints a picture of an adversary that has repeatedly proven its resilience, evolving and adapting each time it is challenged. Despite setbacks, Turla’s 25-year reign tells us one thing with certainty: the cat-and-mouse game between cyber attackers and defenders is far from over.

DeepSeas is the only Managed Detection & Response solution that offers homegrown intel, curated global public intel feeds, and deployed intelligence updates globally in real time for both enterprises and organizations in the mid-market.

