All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Turla (Secret Blizzard) APT: STOCKSTAY and Kazuar Backdoors Explained

By

[email protected] (Umut Bayram)

2d agoen

Source

picussecurity.comTurla (Secret Blizzard) APT: STOCKSTAY and Kazuar Backdoors Explainedpicussecurity.com
Snippet from the RSS feed
Key Takeaways Turla, linked to Russia's FSB, has conducted cyber-espionage operations against governments and military organizations since 2004. The group routinely hijacks other threat actors' infrastructure to deploy its own tools and expand operational reach. STOCKSTAY and Kazuar backdoors form the core of Turla's custom malware toolset for long-term intelligence collection. Turla conceals command-and-control traffic by routing it through legitimate services like Cloudflare Workers and GitHub. The Picus Platform lets security teams simulate Turla attacks and validate defenses against its observed techniques. Turla (aka Secret Blizzard, Snake, and Uroburos) is a Russia-aligned advanced persistent threat (APT) group linked to the Federal Security Service (FSB), active since at least 2004. It is one of the longest-running cyber-espionage operations tracked publicly.

You might also wanna read

Google Threat Intelligence Analyzes Turla's STOCKSTAY .NET Backdoor Used in Cyber Espionage Against Ukraine and Europe

Google Threat Intelligence Group's analysis of STOCKSTAY, a .NET backdoor used by the Russian state-sponsored threat actor Turla for cyber e

hendryadrian.com·12d ago

China-Linked Velvet Ant Group Backdoored Linux Login Software for Nearly a Decade in Operation Highland

Security firm Sygnia has uncovered a long-running cyber espionage campaign called Operation Highland, linked to the China-nexus threat group

hendryadrian.com·25d ago

North Korean Group Famous Chollima Compromises Packagist Package to Target PHP Developers

A cybersecurity threat report detailing how the threat actor group "Famous Chollima" (linked to North Korea) targeted PHP developers by comp

hendryadrian.com·1mo ago

Russian APT Group Gamaredon Upgrades Cyber Espionage Tactics, Demanding New Enterprise Defenses

The Russian state-sponsored APT group Gamaredon (aka Aqua Blizzard, Armageddon, BlueAlpha) has significantly upgraded its cyber espionage ta

darkreading.com·12d ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

A malicious obfuscated JavaScript payload was discovered appended to tailwind.js in the Packagist development version dev-drewroberts/featur

socket.dev·1mo ago

Mistic Backdoor and ModeloRAT Deployed in Financially Motivated Attacks Linked to KongTuke

A financially motivated cyberattack campaign since April 2026 deploys the Mistic backdoor (MLTBackdoor) alongside ModeloRAT, targeting insur

briefly.co·13d ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.