Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Google's Threat Intelligence Group has uncovered a sophisticated cyber espionage campaign orchestrated by the Russian state-sponsored threat actor Turla, which has deployed a previously undocumented .NET backdoor against high-value targets in Ukraine and Italian foreign policy circles. This discovery highlights the evolving nature of state-sponsored cyber operations amidst ongoing geopolitical tensions, particularly as they relate to the conflict in Ukraine.

The newly identified malware, designated STOCKSTAY, represents a Windows-based backdoor that has been actively developed and maintained by Turla operatives. Analysis reveals that this threat has been specifically leveraged against Ukrainian government and military institutions, demonstrating the continued targeting of critical infrastructure and national security entities in the region. Additionally, organizations with interests in Italian foreign policy have been compromised, suggesting a broader intelligence collection objective that extends beyond immediate conflict zones.

Security researchers note that STOCKSTAY is built on the .NET framework, which provides Turla with multiple advantages including cross-platform compatibility and evasion capabilities. The backdoor's architecture allows for persistent access to compromised systems, data exfiltration, and potential lateral movement across networks. This represents a concerning evolution in Turla's malware arsenal
