New:
#Turla is one of the most skilled hacker groups operating.
@FlorianFlade, Lea Frey and I've spent close to a year chasing down leads. We were able to identify, we think, two developers, their employers, and from there, their ties to the FSB.
interaktiv.br.de/elite-hacker-f…
This marks the 1st time, to our knowledge, that an #osint-based investigation is able to tie Turla to the intelligence service FSB. The clues we were able to find date back up two ~two decades.
tagesschau.de/investigativ/b…
In essence, two companies come into focus: Atlas and Center-Inform. Both have a history rooted in Russian intelligence. Between 2004 and 2007, Atlas would officially be known as "Atlas of the FSB", as can be seen in press releases by the FSB itself.
We have no indication that the suspected developers are still working with Turla. Which is one of many reasons why we chose not to name them. We stick to their developer handles left in the malware. The illustrations are based on real images, but have been altered.
We have also seen non-public intel reports produced by Crowdstrike and BAE Systems. They've been tracking Turla for years, obviously. The many findings described in their reports serve as additiional, and crucial, corroboration.
We've decided to tell this story visually. You can follow along, from one clue to the next. Immensely grateful to be working with a team this talented and this thorough (@stekhn, @BayerlSebastian, @nierlev, @robschoeffel, @FlorianFlade, Max Brandl, Lea Frey, Monika Wagener.)
Some people expressed interest in the cards, so here you go
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.