Lucene search
K

17 matches found

The Hacker News
The Hacker News
added 2026/05/15 5:10 p.m.20 views

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer P2P botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency CISA, is assess...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 3:0 p.m.13 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 3:0 p.m.14 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/19 8:24 a.m.3 views

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/11 6:2 p.m.11 views

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observ...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/01 7:21 a.m.44 views

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar. The new findings come from Palo Alto Networks Unit 42, which is tracking the adversary under its constellation-themed moniker Pensive Ursa. "As the code...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/20 9:40 a.m.35 views

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck aka CAPIBAR or GAMEDAY that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/24 2:0 p.m.3 views

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/09/29 2:45 p.m.27 views

‘Tomiris’ Backdoor Linked to SolarWinds Malware

Researchers have discovered a campaign delivering a previously unknown backdoor they’re calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat APT behind the sprawling SolarWinds supply-chain attacks of 2020. Namely,...

6.8AI score
Exploits0References18
Securelist
Securelist
added 2021/05/31 10:0 a.m.532 views

IT threat evolution Q1 2021

Targeted attacks Putting the A into APT In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The companys Orion IT, a solution for monitoring and managing customers IT infrastructure, was compromised by threat actors. This resulte...

10CVSS0.6AI score0.99999EPSS
Exploits68
Rapid7 Blog
Rapid7 Blog
added 2021/01/12 7:35 p.m.156 views

Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations

This update is a continuation of our previous coverage of the SolarWinds supply-chain attack that was discovered by FireEye in December 2020. As of Jan. 11, 2021, new research has been published that expands the security community’s understanding of the breadth and depth of the SolarWinds attack...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/12 5:29 a.m.45 views

Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor

As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform. Called "Sunspot," the malignant tool ad...

1.1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/11 5:53 p.m.42 views

SolarWinds Hack Potentially Linked to Turla APT

New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat APT group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor...

7.3AI score
Exploits0References18
The Hacker News
The Hacker News
added 2021/01/11 1:22 p.m.41 views

Researchers Find Links Between Sunburst and Russian Kazuar Malware

Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/11 1:22 p.m.5 views

Researchers Find Links Between Sunburst and Russian Kazuar Malware

Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that...

5.9AI score
Exploits0
Securelist
Securelist
added 2021/01/11 10:0 a.m.87 views

Sunburst backdoor – code overlaps with Kazuar

Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/28 5:14 p.m.45 views

Russian Espionage Group Updates Custom Malware Suite

The advanced persistent threat APT known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla a.k.a. Ouroboros, Snake, Venomous Bear or Waterbug is a...

7.6AI score
Exploits0References7
Rows per page
Query Builder