Turla group adds more malware to Russia’s espionage efforts against Ukraine

Turla group adds more malware to Russia’s espionage efforts against Ukraine
Russian state-backed hackers linked to Turla have spent years developing StockStay, a malware strain used to spy on Ukrainian government and military targets as well as entities in parts of Europe. Google says the malware has evolved to masquerade as legitimate software and is part of a broader effort to maintain persistent access through redundant malware ecosystems. #StockStay #Turla #SecretBlizzard #VenomousBear #Kazuar #FSB

Keypoints

  • StockStay has been under active development since at least December 2022.
  • Turla used it mainly against Ukrainian government and defense organizations.
  • Early StockStay samples were also found in several European countries.
  • The malware shares code and functionality with Turla’s earlier Kazuar framework.
  • Victims were infected through phishing emails using malicious RDP configuration files.

Read More: https://therecord.media/russia-turla-espionage-ukraine-stockstay-malware