Turla Kazuar modular P2P botnet
Malware Activity
Summary
Turla has refactored its Kazuar backdoor into a modular peer-to-peer (P2P) botnet, strengthening stealth and persistent access on compromised hosts. The redesign gives the malware more flexible tasking and a smaller observable footprint. It also supports encrypted staging and exfiltration of collected data. The shift matters because it improves long-term operator control over infected systems.
Related Happenings
Secret Blizzard Kazuar modular P2P botnet
Malware Activity
First: 16.05.2026 17:15
Last: 16.05.2026 17:15
Sources 1
About this happening:
**Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
Medusa ransomware post-compromise deployment
Malware Activity
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
Timeline
- 15.05.2026 20:10 · 2 articles · 12d ago
Turla discloses Kazuar modular P2P botnet
Initial Disclosure
Microsoft Threat Intelligence reported that Turla transformed Kazuar, a .NET backdoor used since 2017, into a modular peer-to-peer (P2P) botnet designed for stealth and persistent access to compromised hosts. The redesign splits functionality across Kernel, Bridge, and Worker modules that coordinate tasking, logging, collection, and exfiltration, with droppers such as Pelmeni and ShadowLoader used to decrypt and launch the modules.
Sources:
- Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access — thehackernews.com — 15.05.2026 20:10