Russian hackers turn Kazuar backdoor into modular P2P botnet

The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection.

Secret Blizzard, whose activity overlaps that of Turla, Uroburos, and Venomous Bear, has been associated with the Russian intelligence service (FSB) and is known for targeting government and diplomatic organizations, defense-related entities, and critical systems across Europe, Asia, and Ukraine.

The Kazuar malware has been documented since 2017, and researchers found that its code lineage goes as far back as 2005. Its activity has been linked to the Turla espionage group working for the FSB.

In 2020, researchers exposed its deployment in attacks targeting European government organizations. Three years later, it was seen deployed in attacks against Ukraine.

“Leading” Kazuar

Russian hackers turn Kazuar backdoor into modular P2P botnet

Other newsrooms on this story

Related reading

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Other newsrooms on this story

Related reading

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware,…

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain…

The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Two of the Kremlin’s most active hack groups are collaborating, ESET says