A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and South America during most of 2016.
Researchers at Kaspersky Lab said today in a Securelist report that WhiteBear could be the second stage of another Turla operation known as Skipper Turla with separate malware development efforts behind each set of activity.
Turla is among the elite APT organizations in the world. It’s been active since the mid-1990s and it one of the oldest cyberepionage groups.