📰 Russian APT Turla Unleashes New 'STOCKSTAY' Backdoor in Ukraine Espionage Attacks

🇷🇺 Russia's Turla APT deploys new 'STOCKSTAY' .NET backdoor in espionage attacks on Ukraine. Google reports the malware shares code with the Kazuar implant and uses WebSockets for C2. 🕵️‍♂️ #ThreatIntel #Malware #Turla #CyberSecurity #Ukraine

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/russian-apt-turla-deploys-new-stockstay-dotnet-backdoor-in-espionage-campaign…

STOCKSTAY Another Day: The Latest Addition to Turla’s Intelligence Gathering Apparatus
#Turla #STOCKSTAY
https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering/
The Latest Addition to Turla’s Intelligence Gathering Apparatus | Google Cloud Blog

Analysis of a backdoor, STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla.


STOCKSTAY Another Day: The Latest Addition to Turla’s Intelligence Gathering Apparatus

Google Threat Intelligence Group has identified STOCKSTAY, a .NET backdoor continuously developed and deployed by Russia-linked Turla (FSB Center 16) since December 2022. The multi-component malware communicates via secure WebSocket connections and targets government and military organizations in Ukraine, as well as entities interested in Italian foreign policy. STOCKSTAY shares significant code overlaps with KAZUAR, particularly the K1MORPHER obfuscation mechanism. The threat actor employs academic and diplomatic lures, malicious RDP files, and compromised Ukrainian infrastructure for deployment. STOCKSTAY demonstrates environmental keying for configuration protection and operates at multiple operational stages. The malware's modular architecture separates C2 communication, task orchestration, and execution into distinct components, mirroring KAZUAR's design philosophy and indicating shared development resources within Turla's cyber espionage arsenal.

Pulse ID: 6a3db99d3f27ba984f5154ff
Pulse Link: https://otx.alienvault.com/pulse/6a3db99d3f27ba984f5154ff
Pulse Author: AlienVault
Created: 2026-06-25 23:28:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Espionage #Google #Government #InfoSec #Italian #Kazuar #Malware #Military #NET #OTX #OpenThreatExchange #RAT #RCE #RDP #Russia #Turla #UK #Ukr #Ukraine #Ukrainian #bot #AlienVault


Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns

Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

https://osintsights.com/turla-unveils-stockstay-backdoor-in-ukraine-espionage-campaigns?utm_source=mastodon&utm_medium=social

#Turla #StockstayBackdoor #Ukraine #Russia #Cve20258088


📰 Russian APT Turla Evolves Kazuar Backdoor into Stealthy P2P Botnet

🇷🇺 Russian APT Turla has upgraded its Kazuar backdoor into a modular P2P botnet. The new architecture enhances stealth and resilience, making it harder to detect and disrupt. The focus remains on long-term espionage. #Turla #APT #Kazuar #CyberSecur...

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/russian-apt-turla-upgrades-kazuar-backdoor-into-p2p-botnet/?utm_source=mastodon&utm_…

Kazuar evolves: Secret Blizzard (Turla) turns its long-standing backdoor into an invisible modular P2P botnet

The Russian group Secret Blizzard (Turla/FSB) has turned the Kazuar malware into a peer-to-peer botnet with three distinct modules (Kernel, Bridge, Worker) and 150 configuration parameters. The new architecture uses a leader-election system to minimize traffic to the C2 servers, making detection extremely difficult. Targets: governments, embassies and the defense sector in Europe and Ukraine.

https://insicurezzadigitale.com/kazuar-si-evolve-secret-blizzard-turla-trasforma-il-suo-backdoor-storico-in-una-botnet-p2p-modulare-invisibile/

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems.

Security Affairs

The Russian state-sponsored group Turla (aka Secret Blizzard) has significantly evolved its Kazuar backdoor into a sophisticated, modular P2P botnet. This isn't just a new version; it's a fundamental architectural shift designed for extreme stealth and resilience. With its leader election and encrypted internal comms, Kazuar is now flying under the radar, making behavioral detection your only effective…

https://www.tpp.blog/1fy0hp6

#cybersecurity #turla #kazuar

🤖 This post was AI-generated.

Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet

Microsoft researchers have uncovered a significant upgrade to the Kazuar backdoor, transforming it into a modular peer-to-peer botnet by the notorious Russian hacker group, Secret Blizzard. This sophisticated tool has been used to target high-stakes organizations and critical systems across Europe, Asia, and Ukraine.

https://osintsights.com/russian-hackers-upgrade-kazuar-backdoor-to-modular-botnet?utm_source=mastodon&utm_medium=social

#RussianHackers #KazuarBackdoor #ModularBotnet #SecretBlizzard #Turla


Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

https://osintsights.com/turla-upgrades-kazuar-backdoor-to-modular-p2p-botnet?utm_source=mastodon&utm_medium=social

#Russia #Turla #Kazuar #ModularBotnet #P2pBotnet
