Epic Turla has already infected several hundred computers in over 45 countries, and the sophisticated attacks are still ongoing. Kaspersky has discovered that many of these infected computers are connected to government institutions, education and research institutions and foreign embassies. The security company commented that “over the last 10 months, Kaspersky Lab researchers have analysed a massive cyber-espionage operation which we call ‘Epic Turla’”.
The Epic Turla attacks began with two zero-day exploits targeting Microsoft and Adobe software, specifically software installed on Windows XP and Windows 2003 computers. Support for Windows XP ended in April 2014, and Microsoft has started to reduce support for Windows 2003. This decrease in support has left many users who still run these operating systems open to attack.
Kaspersky has reported the two zero-day vulnerabilities used in the Epic Turla attacks:
- CVE-2013-5065 – Privilege escalation vulnerability in Windows XP and Windows 2003
- CVE-2013-3346 – Arbitrary code-execution vulnerability in Adobe Reader
The company has also “observed exploits against older (patched) vulnerabilities, social engineering techniques and watering hole strategies in these attacks.” The primary backdoor used in the Epic attacks is also known as “WorldCupSec”, “TadjMakhal”, “Wipbot” or “Tavdig”.
Although this attack is actively targeting users in Europe and the Middle East, it is highly recommended that any Windows XP or Windows 2003 computers are upgraded and that users install secure antivirus protection software. For additional protection, businesses can always run a vulnerability assessment to determine how secure their website or network is against potential hackers.