-
Google said Turla used a previously undocumented .NET backdoor called STOCKSTAY against government and military targets in Ukraine and other European entities, with activity dating to December 2022 and delivery through phishing and archive-based lures.
