Turla
-
Google details Turla’s STOCKSTAY backdoor used against Ukraine and European targets
Google said Turla used a previously undocumented .NET backdoor called STOCKSTAY against government and military targets in Ukraine and other European entities, with activity dating to December 2022 and delivery through phishing and archive-based lures.
-
Turla turns Kazuar backdoor into modular P2P botnet
Turla has reworked its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access, Microsoft said in a technical analysis published Thursday. The malware now uses separate Kernel, Bridge and Worker components.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.



