
"This upgrade aligns with Secret Blizzard's broader objective of gaining long-term access to systems for intelligence collection. While many threat actors rely on increasing usage of native tools (living-off-the-land binaries (LOLBins)) to avoid detection, Kazuar's progression into a modular bot highlights how Secret Blizzard is engineering resilience and stealth directly into their tooling."
"A key tool in Turla's arsenal is Kazuar, a sophisticated .NET backdoor that has been consistently put to use since 2017. The latest findings from Microsoft charts its evolution from a "monolithic" framework into a modular bot ecosystem featuring three distinct component types, each with its own well-defined roles. These changes enable flexible configuration, reduce observable footprint, and facilitate broad tasking."
"Attacks distributing the malware have been found to rely on droppers like Pelmeni and ShadowLoader to decrypt and launch the modules. The three module types that form the foundation for Kazuar's archit"
Turla has converted its Kazuar .NET backdoor into a modular peer-to-peer botnet designed for stealth and long-term persistence on compromised systems. Kazuar has been used since 2017 and evolved from a monolithic framework into an ecosystem of three component types with defined roles. The modular design supports flexible configuration, reduces observable footprint, and enables broad tasking. Malware delivery has been observed using droppers such as Pelmeni and ShadowLoader, which decrypt and launch the modules. Turla is assessed to be affiliated with Russia’s FSB Center 16 and overlaps with multiple threat names used by the broader cybersecurity community. Targeting focuses on government, diplomatic, and defense sectors across Europe and Central Asia.
Read at The Hacker News