Researchers Trace 'Epic Turla' Infection Vector - SC Magazine

SC Magazine, By Teri Robinson

After spending the last 10 months analyzing a massive cyber espionage campaign, researchers at Kaspersky Lab have discovered that victims of the Turla malware (also known as Uroburos or Snake) are infected through a multistage attack which they say begins with Epic Turla.

Attackers have used Epic Turla to infect hundreds of systems in more than 45 countries, targeting government, military, educational entities, pharmaceuticals, research and embassies. 

And the attacks have used at least two zero-day exploits — CVE-2013-5065, a privilege escalation vulnerability found in Windows XP and Windows 2003, and CVE-2013-3346, an arbitrary code execution vulnerability found in Adobe Reader — to generate spearfishing e-mails with Adobe PDF attachments, though, Kurt Baumgartner, principal security specialist with Kaspersky Lab, told SCMagazine.com in an email correspondence that the paucity of spearfishing attempts  from this actor was “somewhat surprising.” Read more.