ExpressVPN Warns about Epic Espionage

ExpressVPN, our top pick for security VPNs reported to us that Kaspersky Lab has found out quite a bit about the cyber spying activities of Epic Turla. This program has targets in 45 countries around the globe. Epic uses several attacks which are customizable and designed to sniff out profitable targets. Russia is the prime suspect in the attacks.

Epic Targets

Kaspersky Lab monitored the Epic Turla campaign for eight months to learn about its activities and targets. Epic, one project which has been ongoing since 2012, was especially active in the first quarter of this year. The program has some major global targets like embassies, the military, pharmaceutical companies, and government departments of trade and commerce. Epic targets mostly European and Middle Eastern organizations, but is spread out over 45 different countries.

Epic Turla hackers use different techniques that are customized to achieve the desired results. Mostly they are a combination of social engineering attacks, zero-day exploits, and watering hole attacks. One zero-day exploit used targeted Adobe Reader files. The exploit was used to spread malicious email attachments. Users who opened the infected PDFs opened their systems up to command and control access. The hacker would be able to take over the user’s system completely. Another zero-day exploit attacked users of Windows XP and Windows Server 2003. This was done for EoP to give the attackers unlimited access to the user’s system with extra privileges.

Epic attackers also used spear-phishing tactics to deliver malicious code to users’ systems. The phishing emails could contain infected PDF files or entice the user into clicking on a .scr file which would install the malware on their devices. Java, Internet Explorer and Adobe Flash were also used for watering hole attacks. Users would be deceived into running Flash player that would spread malware through systems. These attacks would be customized for each target IP address.

Infected systems under Epic would immediately begin sending system information to hacker controlled servers. This is sent through the backdoors created by the Epic attackers. Some backdoors identified in the study are called Wipbot, WorldCupSec, Tadvig and TadjMakhal. When the critical information is received by the attackers, they move to send prepared batch files to the system. These files contain instructions for what they want the system to do. They might also deliver keylogger software, DNS query tools, and RAR archivers.


To date, Epic Turla has gained control of over 50 servers to which hacked systems communicate vital system data. If the hackers think that the system they have gained control over is interesting enough, they can inject the complete Turla carbon system for easier access to information.

Rank Provider Name Starting Price Money Back Guarantee
Visit Provider Site
1 express VPN $6.67/ Month 30 Days visit expressvpn
2 $11.52/ Month 30 Days visit expressvpn
3 $14.95/Month 7 Days visit vyprvpn
4 IpVanish VPN $10.00/ Month 7 Days visit ipvanish
5 $21/ 3 Months 7 Days visit strongvpn
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Filed in: News

Get Updates

Share This Post

Recent Posts

Leave a Reply

Submit Comment

© Get Best VPN Service in Europe. All rights reserved.