Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 | Google Cloud Blog

Espionage and financially motivated threat actors are exploiting critical WinRAR vulnerability CVE-2025-8088.

Google Cloud Blog
🇷🇺 COMmand & Evade: Turla's Kazuar v3 Loader

This blog post analyzes the latest version of Turla’s Kazuar v3 loader, which was previously examined at the beginning of 2024. The upgraded loader heavily utilizes the Component Object Model (COM) and employs patchless Event Tracing for Windows (ETW) and Antimalware Scan Interface (AMSI) bypass techniques, as well as a control flow redirection trick, alongside various other methods to evade security solutions and increase analysis time. It is likely that this malware was used in the same campaign which ESET reported in their Gamaredon and Turla collaboration article, as the loaded Kazuar v3 payloads also use the agent label AGN-RR-01.

R136a1

// Turla + Gamaredon: an unprecedented alliance between Russian APTs

⚠️ Two Kremlin-linked APT groups, Turla and Gamaredon, are collaborating for the first time in Ukraine. A worrying synergy between cyber espionage and sabotage.

🔗 https://www.datasecuritybreach.fr/turla-et-gamaredon-la-collaboration-inedite-de-deux-apt-russes/

#APT #CyberEspionnage #Turla #Gamaredon #Ukraine #zataz @Damien_Bancal

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025.

Security Affairs
Two of the Kremlin’s most active hack groups are collaborating, ESET says https://arstechni.ca/NMLz #advancedpersistentthreat #gamaredon #Security #Biz&IT #russia #turla #APT
Two of the Kremlin’s most active hack groups are collaborating, ESET says

Turla is getting a helping hand from Gamaredon. Both are units of Russia’s FSB.

Ars Technica

The Kremlin's Most Devious #Hacking Group Is Using #Russian ISPs to Plant #Spyware

The #FSB #cyberespionage group known as #Turla seems to have used its control of Russia's network #infrastructure to meddle with web traffic and trick #diplomats into #infecting their computers.
#russia #kremlin #isp

https://www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/

The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.

WIRED
🇷🇺 According to #Microsoft, the FSB-linked hacker group #Turla allegedly exploited Russian ISPs to install a fake "update" at embassies in Moscow, disabling the encryption of their communications. #cyber https://www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/

Microsoft found #Turla, 🇷🇺 elite FSB #cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with #spyware that silently stripped away encryption on their communications & credentials.

🔗 https://www.wired.com/story/russia-fsb-turla-secret-blizzard-apolloshadow-isp-cyberespionage/
