Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Briefly

"Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely actively collaborating with Gamaredon to gain access to specific machines in Ukraine and deliver the Kazuar backdoor. 'PteroGraphin was used to restart the Kazuar v3 backdoor, possibly after it crashed or was not launched automatically,'"
"Turla, also known as Snake, is an infamous cyber espionage group that has been active since at least 2004, possibly extending back into the late 1990s. It mainly focuses on high-profile targets, such as governments and diplomatic entities, in Europe, Central Asia, and the Middle East. It is known for having breached major organizations such as the US Department of Defense in 2008 and the Swiss defense company RUAG in 2014."
ESET observed Gamaredon and Turla collaborating to compromise Ukrainian entities by using Gamaredon malware families to deploy the Turla Kazuar backdoor. In February 2025 PteroGraphin and PteroOdd were used to execute and restart Kazuar v3 on an endpoint, suggesting a recovery role for PteroGraphin; in April and June 2025 PteroOdd and PteroPaste delivered Kazuar v2. Both Gamaredon and Turla are assessed as affiliated with the Russian FSB. Gamaredon has targeted Ukrainian governmental institutions since at least 2013. Turla has targeted high-profile diplomatic and governmental organizations since at least 2004, with known breaches of the US DoD and RUAG. The 2022 full-scale invasion likely accelerated this operational convergence focused on the Ukrainian defense sector.
Read at The Hacker News