Epic Turla attack: Two Romainian ministries targeted by cyber spies

Security researchers at Kaspersky Lab said they have uncovered a cyber espionage operation that successfully penetrated two spy agencies and hundreds of government and military targets in Europe and the Middle East since the beginning of this year, writes Reuters.

Dubbed “Epic Turla,” the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as “NATO,” “EU energy dialogue” and “Budapest.”

“We saw them stealing pretty much every document they could get their hands,” Costin Raiu, head of Kaspersky Lab’s threat research team, told Reuters ahead of the release of a report on “Epic Turla” on Thursday during the Black Hat hacking conference in Las Vegas.

On Thusday, Sorin Sava spokesperson for the Romanian Information Service (Sorin Sava(, confirmed that several of Romania’s institutions were the victims of a widespread cyber-attack.

“I can confirm that Romania is once again attacked via cyberspace, state instutions are being targeted”, according to Sava, quoted by Mediafax.

Romania is in the top ten most affected countries by this attack, on the 7th position with 15 victims that had their data breached, with France being the most heavily hit with 25 institutions. In Romania, cyber-spies hit two ministries, two other government institutions, private companies and private users.

“Romania is at the same time the country with the most infected websites (six) which support the Epic Turla attack as we speak, thereby making it the most attractive nation-target in the world for hackers. They are especially looking for users that connect to the Internet from government ip’s”, according to Kaspersky lab.