ATT&CK® Evaluations: Enterprise — Call for Participation with Turla (2023)

July 8, 2022

The Call for Participation for Round 5 of MITRE Engenuity ATT&CK^® Evaluations: Enterprise is officially open now until September 16, 2022. If your organization is interested in participating in a detection/protection evaluation, please email us at evals@mitre-engenuity.org. This round will be focused on evaluating product capabilities to detect and protect against adversary behavior inspired by Turla (G0010). In keeping consistency with previous years, participants will have the opportunity to participate in detection scenarios, with the optional opportunity to test their tools’ protection scenarios as well.

Why Turla

Turla is an extremely unique adversary that the ATT&CK Evaluations team is thrilled to emulate. Active since at least the early 2000s, Turla is a sophisticated Russian-based threat group that has infected victims in over 45 countries. The group is known to target government agencies, diplomatic missions, military groups, research, and media organizations. Turla adopts novel and sophisticated techniques to maintain operational security, including the use of a distinctive command-and-control network in concert with their repertoire of using open source and in-house tools. Turla is known for their targeted intrusions and innovative stealth. After establishing a foothold and conducting victim enumeration, Turla persists with a minimal footprint through in-memory or kernel implants. Turla executes highly targeted campaigns aimed at exfiltrating sensitive information from Linux and Windows infrastructure.

Read the full announcement on Medium