(Bloomberg) -- The Russian hacking group Turla targeted an entity in a European nation last month, according to a threat alert document seen by Bloomberg News.

It’s the second time in recent weeks that activity by Turla, which is considered a top-level cyber-espionage threat, has been detected in the European Union, the document says. Hackers used a decoy Microsoft Corp. document and JavaScript backdoor to target the entity, according to the EU document.

Authorities in the UK and US, in addition to cybersecurity firms, have published several warnings in recent years about Turla, which is also known as Venomous Bear and Waterbug. It deploys a variety of techniques to target government, military, technology, energy and commercial organizations for intelligence gathering, according to authorities.

A report by a German public broadcaster earlier this year suggested the group has links to the Russian intelligence service, the FSB. 

Turla also was suspected of using tools from an Iranian hacking group to conduct cyberattacks against dozens of countries. The attacks would then appear to be coming from Iran, masking the real hackers’ identity, authorities disclosed in 2019.

Russia-Linked Group Likely Used Iranian Hacking Tools, NSA Says

There is currently no evidence that EU institutions have been targeted but the bloc’s Computer Emergency Response Team is currently searching for potential infections, according to the document.

©2022 Bloomberg L.P.