Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution
Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-base...
Russian FSB group known for sophisticated cyber-espionage campaigns targeting governments, embassies, and military networks worldwide since at least 2004.
Also known as: turla, venomous bear, snake group, secret blizzard, uroboros, waterbug, iron hunter, krypton, belugasturgeon
Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-base...
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open.
Analysis of a .NET backdoor tracked as STOCKSTAY exposes a mature, modular espionage implant actively developed and deployed by the Russia-linked Turla clust...
STOCKSTAY, written in .NET and utilizing the Windows Forms framework, communicates with its command-and-control (C2) server via a secure WebSocket connection.
Threat intelligence researchers at Google described StockStay, the latest malware developed by the Russian cyber-espionage group known as Turla.
Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys ‘StockStay’ Backdoor A...
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deploye...
A major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also...
Turla, also known as Secret Blizzard and linked to Russia's FSB, has re-engineered its Kazuar .NET backdoor, first used in 2017, into a modular botnet.
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla...
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persi...
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineere...
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its ...
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to ...
Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine