The Epic Turla Operation is a report by Kaspersky Lab's Global Research and Analysis Team that details the activities of the Turla malware group. The report focuses on a keylogger module used by Turla, which is designed to intercept and record keyboard input. The module creates a log file and a hidden console window, and registers a hook procedure for low-level keyboard input events. The hook procedure intercepts system messages related to keyboard input and writes the information to the log file. The report also mentions that the module retrieves the current foreground window handle every 100 milliseconds and writes the window's name and path to the log file when a new window becomes active.
