Russia’s Cyber Hack Groups: Uncovering the Collaboration between Turla and Gamaredon
Recent findings by ESET, a renowned cybersecurity firm, have shed light on a potential collaboration between two of Russia’s most active hack groups, Turla and Gamaredon. The discovery has significant implications for the cybersecurity landscape, as it suggests that these groups may be working together to achieve their objectives.
Understanding the Groups’ Tactics and Motivations
ESET’s research reveals that Turla and Gamaredon, both part of the Russian FSB, may be sharing resources and expertise to compromise specific machines and gather sensitive intelligence. The company’s findings are based on observations of four distinct co-compromises in Ukraine, where Gamaredon deployed a range of tools, including PteroLNK, PteroStew, PteroOdd, PteroEffigy, and PteroGraphin. Turla, on the other hand, installed version 3 of its proprietary malware, Kazuar.
The collaboration between the two groups is believed to have started in February, when ESET researchers spotted the co-compromises. The company’s software, installed on one of the compromised devices, observed Turla issuing commands through the Gamaredon implants. This suggests that Gamaredon may have provided access to Turla operators, allowing them to restart Kazuar and deploy Kazuar v2 on specific machines.
Technical Indicators and Evidence
ESET’s analysis highlights the use of PteroGraphin to restart Kazuar, possibly after the malware crashed or failed to launch automatically. This is the first time that the company has been able to link the two groups together via technical indicators. The findings also show that Gamaredon deployed Kazuar v2 installers in April and June, further supporting the theory of an active collaboration between the groups.
Gamaredon compromises hundreds, if not thousands, of machines, which suggests that Turla is interested only in specific machines containing highly sensitive intelligence. This targeted approach implies a high level of sophistication and planning, underscoring the need for robust cybersecurity measures to counter these threats.
Conclusion and Recommendations
In conclusion, the potential collaboration between Turla and Gamaredon highlights the evolving nature of cyber threats and the need for increased vigilance. For cybersecurity practitioners, it is essential to stay informed about the latest developments and to implement effective countermeasures to protect against these threats.