home.social

#turla — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #turla, aggregated by home.social.

  1. EU, UK sanction Russian cyberespionage networks over destructive attacks

    European governments sanctioned Russian individuals and organizations Monday over what they said was a years-long campaign of cyberespionage…
    #Europe #EU #Austria #cyberespionage #Cyprus #Energy #EuropeanUnion #Finland #fsb #Germany #gru #lummastealer #Netherlands #Poland #Romania #Russia #secretblizzard #Slovakia #turla #unitedkingdom(u.k.)
    europesays.com/europe/93170/

  2. EU, UK sanction Russian cyberespionage networks over destructive attacks

    European governments sanctioned Russian individuals and organizations Monday over what they said was a years-long campaign of cyberespionage…
    #EuropeSays #Russia #Austria #cyberespionage #Cyprus #Energy #EuropeanUnion #Finland #FSB #Germany #gru #lummastealer #Netherlands #Poland #Romania #secretblizzard #Slovakia #turla #unitedkingdom(u.k.)
    europesays.com/russia/39406/

  3. EU sanktioniert Russland wegen schwerer Cyberangriffe und Sabotage

    EU sanktioniert Russland wegen schwerer Cyberangriffe und Sabotage Der Europäische Rat hat am Montag eine scharfe Rüge gegen…
    #EuropeSays #EU #Europa #Cybercrime #EuropäischeUnion #FSB #GRU #Hacktivismus #Industriespionage #Iran #IT #Netzpolitik #NotPetya #Russland #Security #Turla #Ukraine-Krieg
    europesays.com/europa/67583/

  4. STOCKSTAY Another Day: The Latest Addition to Turla’s Intelligence Gathering Apparatus

    Google Threat Intelligence Group has identified STOCKSTAY, a .NET backdoor continuously developed and deployed by Russia-linked Turla (FSB Center 16) since December 2022. The multi-component malware communicates via secure WebSocket connections and targets government and military organizations in Ukraine, as well as entities interested in Italian foreign policy. STOCKSTAY shares significant code overlaps with KAZUAR, particularly the K1MORPHER obfuscation mechanism. The threat actor employs academic and diplomatic lures, malicious RDP files, and compromised Ukrainian infrastructure for deployment. STOCKSTAY demonstrates environmental keying for configuration protection and operates at multiple operational stages. The malware's modular architecture separates C2 communication, task orchestration, and execution into distinct components, mirroring KAZUAR's design philosophy and indicating shared development resources within Turla's cyber espionage arsenal.

    Pulse ID: 6a3db99d3f27ba984f5154ff
    Pulse Link: otx.alienvault.com/pulse/6a3db
    Pulse Author: AlienVault
    Created: 2026-06-25 23:28:29

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Espionage #Google #Government #InfoSec #Italian #Kazuar #Malware #Military #NET #OTX #OpenThreatExchange #RAT #RCE #RDP #Russia #Turla #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  5. STOCKSTAY Another Day: The Latest Addition to Turla’s Intelligence Gathering Apparatus

    Google Threat Intelligence Group has identified STOCKSTAY, a .NET backdoor continuously developed and deployed by Russia-linked Turla (FSB Center 16) since December 2022. The multi-component malware communicates via secure WebSocket connections and targets government and military organizations in Ukraine, as well as entities interested in Italian foreign policy. STOCKSTAY shares significant code overlaps with KAZUAR, particularly the K1MORPHER obfuscation mechanism. The threat actor employs academic and diplomatic lures, malicious RDP files, and compromised Ukrainian infrastructure for deployment. STOCKSTAY demonstrates environmental keying for configuration protection and operates at multiple operational stages. The malware's modular architecture separates C2 communication, task orchestration, and execution into distinct components, mirroring KAZUAR's design philosophy and indicating shared development resources within Turla's cyber espionage arsenal.

    Pulse ID: 6a3db99d3f27ba984f5154ff
    Pulse Link: otx.alienvault.com/pulse/6a3db
    Pulse Author: AlienVault
    Created: 2026-06-25 23:28:29

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #CyberSecurity #Espionage #Google #Government #InfoSec #Italian #Kazuar #Malware #Military #NET #OTX #OpenThreatExchange #RAT #RCE #RDP #Russia #Turla #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault

  6. 📰 Russian APT Turla Evolves Kazuar Backdoor into Stealthy P2P Botnet

    🇷🇺 Russian APT Turla has upgraded its Kazuar backdoor into a modular P2P botnet. The new architecture enhances stealth and resilience, making it harder to detect and disrupt. The focus remains on long-term espionage. #Turla #APT #Kazuar #CyberSecur...

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/ru

  7. Kazuar si evolve: Secret Blizzard (Turla) trasforma il suo backdoor storico in una botnet P2P modulare invisibile

    Il gruppo russo Secret Blizzard (Turla/FSB) ha trasformato il malware Kazuar in una botnet peer-to-peer con tre moduli distinti (Kernel, Bridge, Worker) e 150 parametri di configurazione. La nuova architettura usa un sistema di elezione del leader per ridurre al minimo il traffico verso i server C2, rendendo il rilevamento estremamente difficile. Obiettivi: governi, ambasciate e settore difesa in Europa e Ucraina.

    insicurezzadigitale.com/kazuar

  8. Kazuar si evolve: Secret Blizzard (Turla) trasforma il suo backdoor storico in una botnet P2P modulare invisibile

    Il gruppo russo Secret Blizzard (Turla/FSB) ha trasformato il malware Kazuar in una botnet peer-to-peer con tre moduli distinti (Kernel, Bridge, Worker) e 150 parametri di configurazione. La nuova architettura usa un sistema di elezione del leader per ridurre al minimo il traffico verso i server C2, rendendo il rilevamento estremamente difficile. Obiettivi: governi, ambasciate e settore difesa in Europa e Ucraina.

    insicurezzadigitale.com/kazuar

  9. Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

    Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

    osintsights.com/turla-upgrades

    #Russia #Turla #Kazuar #ModularBotnet #P2pBotnet

  10. Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

    A new malware sample used in targeted campaigns by the Turla APT group has been analyzed. The malware employs a new wrapper, dubbed Pelmeni, to deploy the Kazuar backdoor. Differences in exfiltration methods and logging from previous versions of Kazuar were identified.

    Pulse ID: 65d5c00be70d5ee9ef2c57ce
    Pulse Link: otx.alienvault.com/pulse/65d5c
    Pulse Author: AlienVault
    Created: 2024-02-21 09:19:07

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #OTX #OpenThreatExchange #InfoSec #bot #CyberSecurity #Malware #BackDoor #RAT #Turla #Kazuar #AlienVault

  11. To enhance its stealth capabilities, Kazuar employs extensive anti-analysis functionality. It remains dormant and ceases all C2 communication if it detects debugging or analysis attempts.

    #Cybersecurity #Turla #Backdoor #Kazuar #Russia #Malware

    cybersec84.wordpress.com/2023/

  12. To enhance its stealth capabilities, Kazuar employs extensive anti-analysis functionality. It remains dormant and ceases all C2 communication if it detects debugging or analysis attempts.

    #Cybersecurity #Turla #Backdoor #Kazuar #Russia #Malware

    cybersec84.wordpress.com/2023/