Google's Threat Intelligence Group has uncovered a sophisticated cyber espionage campaign orchestrated by the Russian state-sponsored threat actor Turla, which has deployed a previously undocumented .NET backdoor against high-value targets in Ukraine and Italian foreign policy circles. This discovery highlights the evolving nature of state-sponsored cyber operations amidst ongoing geopolitical tensions, particularly as they relate to the conflict in Ukraine.
The newly identified malware, designated STOCKSTAY, is a Windows-based backdoor that has been actively developed and maintained by Turla operatives. Analysis reveals that it has been used specifically against Ukrainian government and military institutions, demonstrating the continued targeting of critical infrastructure and national security entities in the region. Additionally, organizations with interests in Italian foreign policy have been compromised, suggesting a broader intelligence collection objective that extends beyond immediate conflict zones.
Security researchers note that STOCKSTAY is built on the .NET framework, which provides Turla with multiple advantages including cross-platform compatibility and evasion capabilities. The backdoor's architecture allows for persistent access to compromised systems, data exfiltration, and potential lateral movement across networks. This represents a concerning evolution in Turla's malware arsenal