This articlemay lack focus ormay be aboutmore than one topic. Pleasehelp improve this article, possibly bysplitting the article or organising adisambiguation page. There might be further discussion about this on thetalk page.(June 2017)

You can helpexpand this article with text translated fromthe corresponding article in Ukrainian. (June 2017)Click [show] for important translation instructions. Machine translation, likeDeepL orGoogle Translate, is a useful starting point for translations, but translators must revise errors as necessary and confirm that the translation is accurate, rather than simply copy-pasting machine-translated text into the English Wikipedia. Consideradding a topic to this template: there are already 306 articles in themain category, and specifying|topic= will aid in categorization. Do not translate text that appears unreliable or low-quality. If possible, verify the text with references provided in the foreign-language article. Youmust providecopyright attribution in theedit summary accompanying your translation by providing aninterlanguage link to the source of your translation. A model attribution edit summary isContent in this edit is translated from the existing Ukrainian Wikipedia article at [[:uk:Змія (комп'ютерний хробак)]]; see its history for attribution. You may also add the template{{Translated|uk|Змія (комп'ютерний хробак)}} to thetalk page. For more guidance, seeWikipedia:Translation.

Turla orUroboros (Russian:Турла) is atrojan package that is suspected bycomputer security researchers and Westernintelligence officers to be the product of aRussian government agency of the same name.^[1][2][3]

High infection rates of the virus were observed in Russia, Kazakhstan and Vietnam, followed by US and China, and low infection rates in Europe, South America and Asia (including India).^[4]

Turla has been targetinggovernments andmilitaries since at least 2008.^[2][5][6]

In December 2014 there was evidence of it targeting operating systems runningLinux.^[7]

The advanced persistent threat hacking group has also been namedTurla.^[1] The group has probably been operating since the late 1990s, according to professor Thomas Rid ofJohns Hopkins University.^[8] Dan Goodin inArs Technica described Turla as "Russian spies".^[9] Turla has since been given other names such asSnake, Krypton, and Venomous Bear.

In May 2023 theUnited States Department of Justice announced that the United States had managed to infiltrate machines that were infected by the malware and issue a command ordering the malware to delete itself.^[8] Affidavits from theFBI and DOJ revealed that the group was part of the RussianFederal Security Service Center 16 group inRyazan.^[8]

ESET noted that thecommand and control protocol used byGoldenJackal malware is typically used by Turla, suggesting the groups may be connected.^[10]

• Agent.BTZ
• Red October (malware)

Thismalware-related article is astub. You can help Wikipedia byexpanding it.

• v
• t
• e

• Spyware
• Linux malware
• Hacking (computer security)
• Espionage
• Cyberwarfare
• Hacker groups
• Hacking in the 2010s
• Russian advanced persistent threat groups
• Cybercrime in India
• Malware stubs

• CS1 maint: archived copy as title
• Articles with short description
• Short description matches Wikidata
• Wikipedia articles lacking focus from June 2017
• All Wikipedia articles lacking focus
• Articles needing translation from Ukrainian Wikipedia
• All stub articles