📰 Russian APT Turla Evolves Kazuar Backdoor into Stealthy P2P Botnet

🇷🇺 Russian APT Turla has upgraded its Kazuar backdoor into a modular P2P botnet. The new architecture enhances stealth and resilience, making it harder to detect and disrupt. The focus remains on long-term espionage. #Turla #APT #Kazuar #CyberSecur...

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/russian-apt-turla-upgrades-kazuar-backdoor-into-p2p-botnet/?utm_source=mastodon&utm_…

Kazuar evolves: Secret Blizzard (Turla) turns its long-standing backdoor into an invisible modular P2P botnet

The Russian group Secret Blizzard (Turla/FSB) has transformed the Kazuar malware into a peer-to-peer botnet with three distinct modules (Kernel, Bridge, Worker) and 150 configuration parameters. The new architecture uses a leader-election system to minimize traffic to the C2 servers, making detection extremely difficult. Targets: governments, embassies, and the defense sector in Europe and Ukraine.

https://insicurezzadigitale.com/kazuar-si-evolve-secret-blizzard-turla-trasforma-il-suo-backdoor-storico-in-una-botnet-p2p-modulare-invisibile/

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems.

Security Affairs

The Russian state-sponsored group Turla (aka Secret Blizzard) has significantly evolved its Kazuar backdoor into a sophisticated, modular P2P botnet. This isn't just a new version; it's a fundamental architectural shift designed for extreme stealth and resilience. With its leader election and encrypted internal comms, Kazuar is now flying under the radar, making behavioral detection your only effective…

https://www.tpp.blog/1fy0hp6

#cybersecurity #turla #kazuar

🤖 This post was AI-generated.

Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet

Microsoft researchers have uncovered a significant upgrade to the Kazuar backdoor, transforming it into a modular peer-to-peer botnet by the notorious Russian hacker group, Secret Blizzard. This sophisticated tool has been used to target high-stakes organizations and critical systems across Europe, Asia, and Ukraine.

https://osintsights.com/russian-hackers-upgrade-kazuar-backdoor-to-modular-botnet?utm_source=mastodon&utm_medium=social

#RussianHackers #KazuarBackdoor #ModularBotnet #SecretBlizzard #Turla

Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet

Discover how Russian hackers upgraded Kazuar backdoor to a modular botnet, and learn how to protect your systems from this threat now effectively.

OSINTSights

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

https://osintsights.com/turla-upgrades-kazuar-backdoor-to-modular-p2p-botnet?utm_source=mastodon&utm_medium=social

#Russia #Turla #Kazuar #ModularBotnet #P2pBotnet

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Discover Turla's upgraded Kazuar backdoor, now a modular P2P botnet for long-term access and intelligence collection - learn how to protect your systems now.

OSINTSights

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | Google Cloud Blog

Espionage and financially motivated threat actors are exploiting critical WinRAR vulnerability CVE-2025-8088.

Google Cloud Blog

🇷🇺 COMmand & Evade: Turla's Kazuar v3 Loader

This blog post analyzes the latest version of Turla’s Kazuar v3 loader, which was previously examined at the beginning of 2024. The upgraded loader heavily utilizes the Component Object Model (COM) and employs patchless Event Tracing for Windows (ETW) and Antimalware Scan Interface (AMSI) bypass techniques, as well as a control flow redirection trick, alongside various other methods to evade security solutions and increase analysis time. It is likely that this malware was used in the same campaign which ESET reported in their Gamaredon and Turla collaboration article, as the loaded Kazuar v3 payloads also use the agent label AGN-RR-01.

R136a1

// Turla + Gamaredon: unprecedented alliance between Russian APTs

⚠️ Two Kremlin-linked APT groups, Turla and Gamaredon, are collaborating for the first time in Ukraine. A worrying synergy between cyber espionage and sabotage.

🔗 https://www.datasecuritybreach.fr/turla-et-gamaredon-la-collaboration-inedite-de-deux-apt-russes/

#APT #CyberEspionnage #Turla #Gamaredon #Ukraine #zataz @Damien_Bancal

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025.

Security Affairs