Turla (malware)

Turla or Uroboros (Russian: Турла) is a Trojan package that is suspected by computer security researchers and Western intelligence officers to be the product of a Russian government agency of the same name.

High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by US and China, and low infection rates in Europe, South America and Asia (including India).

Malware
Turla has been targeting governments and militaries since at least 2008.

In December 2014 there was evidence of it targeting operating systems running Linux.

Group
The advanced persistent threat hacking group has also been named Turla. The group has probably been operating since the late 1990s, according to professor Thomas Rid of Johns Hopkins University. Dan Goodin in Ars Technica described Turla as "Russian spies". Turla has since been given other names such as Snake, Krypton, and Venomous Bear.

US actions against group
In May 2023 the United States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself. Affidavits from the FBI and DOJ revealed that the group was part of the Russian Federal Security Service Center 16 group in Ryazan.