Shedding skin - Turla's fresh faces

Presented at VB2018, Oct. 4, 2018, noon (30 minutes).

Turla is a long-standing and active APT that frequently sheds its skin and grows into something new. Known for a long-running, complex and innovative malware set and satellite-based C&C communications, it is a sophisticated and capable group. Fairly recently, our research initiated projects that later examined Mosquito, Turla and WhiteBear activity, known for MiTM deployments on multiple continents and a complex payload. Late this summer, their unusual JavaScript-based KopiLuwak payload was spear-phished out against other geopolitical hotspots. Where it's hot, there is Turla. Let's examine these malware sets and intrusion techniques, compare them against others, and try to understand why or what will be shed next.

Presenters:

  • Kurt Baumgartner - Kaspersky Lab
    @k_sec
  • Mike Scott - Kaspersky Lab
    Mike Scott is a principal threat researcher on the Kaspersky Global Research & Analysis Team in the United States. Mike is responsible for discovering and tracking threat activity worldwide, including both criminal and advanced threat actors. Prior to joining Kaspersky, Mike has over 18 years' experience covering a range of areas in security including network defence, incident response and forensics, and threat intelligence.
