Turla Upgrades Kazuar Backdoor to Resilient P2P Botnet Targeting Governments
Microsoft's Security Blog published a detailed analysis on May 14, 2026, revealing that Turla, a Russian FSB-linked state-sponsored hacking group, has significantly upgraded its Kazuar backdoor. The malware, in use since at least 2017, has been transformed from a traditional command-and-control backdoor into a modular peer-to-peer botnet with no single point of failure. The upgraded variant supports dynamically loaded plugins for credential theft, lateral movement, and data exfiltration, while using encrypted custom protocols and legitimate system tools to evade detection. Primary targets include government ministries, diplomatic missions, and defense organizations across Europe and Central Asia. Researchers from Palo Alto Networks' Unit 42 and SecurityAffairs noted the P2P architecture is deliberately designed for long-term resilience, allowing the botnet to persist even after partial remediation by defenders.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in