CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Gamaredon and Turla collaboration to deploy Kazuar Backdoor in Ukraine

First reported
Last updated
πŸ“° 1 unique sources, 1 articles

Summary

Hide β–²

Gamaredon and Turla, two Russian cyber espionage groups, have been collaborating to target Ukrainian entities. The groups used Gamaredon's tools to deploy Turla's Kazuar backdoor on multiple Ukrainian machines. This collaboration began in February 2025 and continued through June 2025, with a focus on the Ukrainian defense sector. The attack involved Gamaredon's tools PteroGraphin, PteroOdd, and PteroPaste to deliver the Kazuar backdoor. The collaboration indicates a coordinated effort to gain access to specific machines in Ukraine and deliver the Kazuar backdoor. Gamaredon and Turla are both affiliated with the Russian Federal Security Service (FSB). The collaboration is likely fueled by Russia's full-scale invasion of Ukraine in 2022.

Timeline

  1. 19.09.2025 11:24 πŸ“° 1 articles Β· ⏱ 10h ago

    Gamaredon and Turla collaboration to deploy Kazuar Backdoor in Ukraine

    In February 2025, Gamaredon and Turla began collaborating to target Ukrainian entities. The groups used Gamaredon's tools to deploy Turla's Kazuar backdoor on multiple Ukrainian machines. The attacks continued through June 2025, with a focus on the Ukrainian defense sector. The collaboration is likely fueled by Russia's full-scale invasion of Ukraine in 2022. The attacks involved the use of PteroGraphin, PteroOdd, and PteroPaste to deliver the Kazuar backdoor. Kazuar v2 and v3 share the same codebase, with v3 introducing additional network transport methods.

    Show sources
    Open in new tab

Information Snippets