Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions
Briefly

"Two Russian state-sponsored threat actors have been working together in recent cyberattacks against Ukrainian targets, evidence collected by ESET suggests. Specifically, the company found that, between February and April 2025, tools that Gamaredon had deployed were used to restart and deploy Turla malware on the systems of select victims in Ukraine. Turla, also known as Krypton, Snake, Venomous Bear, and Waterbug, has been active since at least 2004, focusing on high-profile targets, including diplomats and government entities in Europe, Central Asia, and the Middle East."
"Gamaredon, also known as Armageddon, BlueAlpha, Blue Otso, Callisto, Iron Tilden, Primitive Bear, Sector C08, and Winterflounder, has been active since at least 2013, mainly targeting individuals and organizations in Ukraine. Gamaredon is believed to have conducted thousands of intrusions against Ukrainian entities. This year, on four of the compromised machines, ESET discovered that the APT's tools were used to issue commands to and deploy Turla implants."
ESET collected evidence that Gamaredon used its tools between February and April 2025 to restart and deploy Turla malware (Kazuar) on select Ukrainian systems. ESET identified four compromised machines where Gamaredon tools issued commands and installed Kazuar components: PteroGraphin likely restarted a crashed Kazuar in February, while PteroOdd and PteroPaste deployed Kazuar v2 installers in April. Turla has targeted diplomats and government entities since at least 2004. Gamaredon has targeted Ukrainian individuals and organizations since at least 2013 and is believed to have conducted thousands of intrusions. ESET assesses with strong confidence that the two groups collaborated.
Read at SecurityWeek