Russian Threat Actor Turla Evolves Kazuar Backdoor into P2P Botnet
The Russian state-sponsored group Turla has upgraded its Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence and stealthy data collection.
The Russian state-sponsored threat actor Turla, also known as Secret Blizzard, has evolved its long-running Kazuar backdoor into a sophisticated, modular peer-to-peer (P2P) botnet. This transformation is designed to enhance the group's capabilities for long-term persistence, stealthy operations, and extensive data collection on compromised hosts [BleepingComputer].
The updated Kazuar backdoor uses a P2P architecture in which infected machines communicate with one another, making the malware harder to detect and more resilient to disruption. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Turla is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB), which underscores the strategic nature of this development [The Hacker News].
Security researchers and defenders are advised to monitor for unusual P2P traffic patterns and unauthorized persistence mechanisms associated with Kazuar. The modular nature of the botnet suggests that Turla can easily deploy new capabilities, making it a persistent and evolving threat to targeted organizations.