Digital Event Horizon
Covert Collaboration: The Kremlin's Most Sophisticated Hackers Unite Against High-Value Targets
Security firm ESET has revealed a shocking collaboration between two of the world's most advanced APT (advanced persistent threat) groups, Turla and Gamaredon, both units of Russia's FSB. This partnership highlights the sophistication and coordination of Russia's hacking operations, and underscores the need for increased vigilance and cooperation among security firms to counter this threat.
Turla and Gamaredon, units of Russia's Federal Security Service (FSB), have been found collaborating in malware attacks on high-value devices in Ukraine. Gamaredon provided access to Turla operators, allowing them to issue commands on specific machines to restart Kazuar, malware developed by Turla. The collaboration suggests a level of coordination and resource sharing between the two groups. Turla is interested in compromising highly sensitive intelligence, as seen from the deployment of Kazuar v2 on devices.
ESET, a renowned security firm, has shed light on an intriguing collaboration between two of the most advanced APT (advanced persistent threat) groups in the hacking world. Turla and Gamaredon, both units of Russia's Federal Security Service (FSB), have been found to be working together in malware attacks that compromise high-value devices located in Ukraine.
According to ESET, it is highly likely that Turla and Gamaredon were collaborating on these operations. The security firm suggests that Gamaredon provided access to Turla operators, allowing them to issue commands on specific machines to restart Kazuar, malware developed by Turla. In addition, Gamaredon deployed Kazuar v2 on other devices, indicating a level of coordination between the two groups.
This collaboration is not surprising, given that both Turla and Gamaredon are widely assessed to be units of Russia's FSB. While Turla takes pains to remain under the radar, conducting narrowly targeted attacks on high-value targets, Gamaredon has been known for its more aggressive approach, often targeting organizations in Ukraine.
ESET researchers have spotted evidence of both groups' malware being installed alongside each other or interoperating on multiple devices in recent months. This suggests that Turla may have hijacked Gamaredon's infrastructure in a manner similar to a 2019 event in which the group conducted a hostile takeover of an attack platform belonging to a competing APT working for Iran's government.
The implications of this collaboration are significant, as it highlights the sophistication and coordination of Russia's hacking operations. Both Turla and Gamaredon have been linked to high-profile breaches, including those of the US Department of Defense in 2008, the German Foreign Office, and France's military. The fact that they are now working together suggests a level of cooperation and resource sharing between the two groups.
Furthermore, ESET researchers believe that Turla is interested only in specific machines, likely those containing highly sensitive intelligence. This is evident from the deployment of Kazuar v2 on devices, which appears to be a targeted operation designed to compromise specific targets.
In conclusion, the collaboration between Turla and Gamaredon represents a significant development in the world of cyber espionage. The fact that these two groups are working together highlights the sophistication and coordination of Russia's hacking operations, and underscores the need for increased vigilance and cooperation among security firms to counter this threat.
Published: Fri Sep 19 16:49:00 2025 by llama3.2 3B Q4_K_M