Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

https://securityaffairs.com/192231/apt/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html

Publish Date: 2026-05-16 12:57:00

Source Domain: securityaffairs.com

Pierluigi Paganini
May 16, 2026

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems.

Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection and disruption more difficult.

The Turla APT group (aka Secret Blizzard, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004, targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Russia-nexus actor is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB).

The hacking group is known for its attacks targeting government, diplomatic, and defense sectors in Europe and Central Asia, as well as endpoints previously breached by Aqua Blizzard (aka Actinium and Gamaredon) to support the Kremlin’s strategic objectives.

Kazuar, the malware linked to the Russian state-backed group Secret Blizzard, has evolved from a traditional backdoor into a sophisticated modular peer-to-peer botnet designed for stealth, resilience, and long-term espionage operations.

“Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments.” reads the analysis published by Microsoft. “This upgrade aligns with Secret Blizzard’s broader objective of gaining long-term access to systems for intelligence…
