Two of the Kremlin’s most active hack groups are collaborating, ESET says

ESET suggests that the Russian groups Turla and Gamaredon are collaborating, with Gamaredon providing access for Turla to deploy and restart Kazuar malware. Evidence indicates ongoing joint operations targeting highly sensitive machines, especially in Ukraine.

Key points

  • ESET hypothesizes a collaboration between Turla and Gamaredon, both linked to the Russian FSB.
  • Gamaredon has previously collaborated with other hacking groups, including InvisiMole in 2020.
  • Multiple co-compromised machines in Ukraine involved the deployment of various malware tools, including Kazuar and Ptero variants.
  • Turla used PteroGraphin to restart Kazuar, likely as a recovery method after crashes.
  • Evidence points to Turla targeting specific, highly sensitive machines, possibly for intelligence gathering.

Read More: https://arstechnica.com/security/2025/09/two-of-the-kremlins-most-active-hack-groups-are-collaborating-eset-says/