tomcat

🚨 Google has linked Turla to a new .NET backdoor.

STOCKSTAY was used in espionage campaigns targeting #Ukraine government and military organizations.

It overlaps with Kazuar and reached targets through phishing, RDP files, MSI installers, and #WinRAR CVE-2025-8088 lures.

See the full attack details 🠖 https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Google links Turla to STOCKSTAY, a new .NET backdoor used in phishing attacks against Ukraine government and military targets.

The Hacker News
Jun 26 at 7:37amWeb