Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with DeliveryCheck and Kazuar backdoors / infostealers and has been using compromised Microsoft Exchange servers to control them. Turla APT Turla (aka Secret Blizzard, Snake, UAC-0003) is a sophisticated and persistent APT group that has been active for over 10 years and is believed to be sponsored by the Russian state.

Source: Help Net Security