"Tangled Up: 'Tomiris' APT Uses Turla Malware, Confusing Researchers"

Certain campaigns previously attributed to the Russian Advanced Persistent Threat (APT) group Turla were carried out by what appears to be a different group that researchers have dubbed "Tomiris." Turla, also known as Snake, Venomous Bear, and Ourobouros, is a notorious threat actor with connections to the Russian government. Over the years, it has used zero-day vulnerabilities, legitimate software, and other techniques to install backdoors in the systems of militaries, governments, diplomatic entities, and technology and research organizations. In one example, its Kazuar backdoor was linked to the SolarWinds compromise. However, not everything is Turla. Researchers have published evidence that attacks previously attributed to Turla were actually perpetrated by Tomiris, a completely different group with different tactics, techniques, and procedures (TTPs) and affiliations. This article continues to discuss researchers' findings on the separate, but in some ways overlapping, Russian-language APTs.

Dark Reading reports "Tangled Up: 'Tomiris' APT Uses Turla Malware, Confusing Researchers"
