All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Google Threat Intelligence Analyzes Turla's STOCKSTAY .NET Backdoor Used in Cyber Espionage Against Ukraine and Europe

By

GoogleCloudIntel

11h ago· 5 min readenInsight
technologysecuritythreat intelligencecyber espionage

Summary

Google Threat Intelligence Group's analysis of STOCKSTAY, a .NET backdoor used by the Russian state-sponsored threat actor Turla for cyber espionage operations targeting Ukraine and European entities. The report details STOCKSTAY's multi-component architecture, deployment methods, infrastructure overlaps with the KAZUAR backdoor, and indicators of compromise. It also documents Turla's use of GitHub, Render, compromised websites, and phishing lures for distribution.

Source

bskyGoogle Threat Intelligence Analyzes Turla's STOCKSTAY .NET Backdoor Used in Cyber Espionage Against Ukraine and Europehendryadrian.com

Key quotes

· 2 pulled
Google Threat Intelligence Group analyzed STOCKSTAY, a .NET backdoor used by Turla for cyber espionage against Ukraine and European targets
The report also documents infrastructure, indicators of compromise, and evidence of Turla using GitHub, Render, compromised websites, and phishing lures to distribute
Snippet from the RSS feed
Google Threat Intelligence Group analyzed STOCKSTAY, a .NET backdoor used by Turla for cyber espionage against Ukraine and European targets, and detailed its multi-component architecture, deployment methods, and overlaps with KAZUAR. The re...

You might also wanna read

Analysis of CVE-2026-4020: Coordinated Google Cloud Fleet Exploiting Gravity SMTP WordPress Vulnerability

A detailed technical analysis of CVE-2026-4020, a critical vulnerability in the Gravity SMTP WordPress plugin that exposed sensitive credent

honeylabs.net·9d ago

OpenClaw Security Assessment by ZeroLeaks [pdf]

zeroleaks.ai·4mo ago

Cybersecurity Risks of AI-Powered Web Browsers: Experts Warn of Emerging Vulnerabilities

The article discusses the emerging trend of AI-powered web browsers like ChatGPT Atlas and Microsoft's Copilot Mode for Edge, which can answ

The Verge·7mo ago

FireTail: AI Security Platform for Enterprise-Wide AI Usage Discovery and Protection

FireTail is a platform that helps organizations discover, assess, and protect all AI usage across employees, browsers, devices, applications

Product Hunt·2mo ago

Study Finds 38% of Top Websites Use Third-Party Keystroke Interception That May Violate U.S. Wiretapping Laws

This paper presents a tech-law analysis examining the use of JavaScript event listeners by third-party trackers for real-time keystroke inte

arxiv.org·9mo ago

Google detects and blocks first known AI-assisted zero-day exploit

Google's Threat Intelligence Group has detected and stopped what it says is the first known zero-day exploit developed with AI assistance. T

The Verge·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.