Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence

The Russian state-sponsored hacking group known as

Turla

has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts.

Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB). It overlaps with activity traced by the broader cybersecurity community under the names ATG26, Blue Python, Iron Hunter, Pensive Ursa, Secret Blizzard (formerly Krypton), Snake, SUMMIT, Uroburos, Venomous Bear, Waterbug, and WRAITH.

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Other newsrooms on this story

Related reading

Two of the Kremlin’s most active hack groups are collaborating, ESET says

The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

KongTuke hackers now use Microsoft Teams for corporate breaches

Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware,…