Turla (aka Snake, Group 88) · APT Atlas
Turla
APT · RU · Russia
AKA: Snake · Group 88 · ATK13 · Waterbug · Secret Blizzard · Uroburos · SUMMIT
Microsoft: KRYPTON
CrowdStrike: VENOMOUS BEAR
Targets: 25 · Sectors: 6 · Threat types: 1 · GIRs covered: 0/480 · Active since: 2004
Victimology
Geographic footprint · 25 countries
origin · Russia
targeted countries · 25
ASIA · 7: Afghanistan · India · Jordan · South Korea · Kazakhstan · Türkiye · Uzbekistan
AMERICAS · 2: Argentina · Brazil
EUROPE · 16: Austria · Belgium · Belarus · Cyprus · Germany · Denmark · Estonia · Finland · France · Hungary · Montenegro · Netherlands · Poland · Romania · Sweden · Ukraine
Sectors targeted · 6 of 40
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Telecom · 57 actors
NGOs & Dissidents · 47 actors
Education & Research · 50 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping

THREAT TYPES
ESP · Espionage

MITRE ATT&CK · 49 techniques

Resource Development · 1
T1583.006 Web Services

Initial Access · 2
T1189 Drive-by Compromise
T1566.002 Spearphishing Link

Execution · 7
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1059.006 Python
T1059.007 JavaScript
T1106 Native API
T1204.001 Malicious Link

Persistence · 2
T1547.001 Registry Run Keys / Startup Folder
T1547.004 Winlogon Helper DLL

Privilege Escalation · 1
T1068 Exploitation for Privilege Escalation

Credential Access · 2
T1110 Brute Force
T1555.004 Windows Credential Manager

Discovery · 12
T1007 System Service Discovery
T1012 Query Registry
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1069.001 Local Groups
T1083 File and Directory Discovery
T1120 Peripheral Device Discovery
T1124 System Time Discovery
T1201 Password Policy Discovery
T1615 Group Policy Discovery

Lateral Movement · 2
T1021.002 SMB/Windows Admin Shares
T1570 Lateral Tool Transfer

Collection · 3
T1005 Data from Local System
T1025 Data from Removable Media
T1560.001 Archive via Utility

Exfiltration · 1
T1567.002 Exfiltration to Cloud Storage

Command And Control · 7
T1071.001 Web Protocols
T1071.003 Mail Protocols
T1090 Proxy
T1090.001 Internal Proxy
T1102 Web Service
T1102.002 Bidirectional Communication
T1105 Ingress Tool Transfer

Defense Impairment · 2
T1112 Modify Registry
T1685 Disable or Modify Tools

Stealth · 7
T1027.010 Command Obfuscation
T1036.005 Match Legitimate Resource Name or Location
T1055 Process Injection
T1055.001 Dynamic-link Library Injection
T1078.003 Local Accounts
T1140 Deobfuscate/Decode Files or Information
T1564.012 File/Path Exclusions

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011