{"id":247520,"date":"2026-05-16T12:57:00","date_gmt":"2026-05-16T16:57:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/16\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution\/"},"modified":"2026-05-17T12:10:18","modified_gmt":"2026-05-17T16:10:18","slug":"russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/16\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution\/","title":{"rendered":"Russian APT Turla builds long-term access tool with Kazuar Botnet evolution"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192231\/apt\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html\">Russian APT Turla builds long-term access tool with Kazuar Botnet evolution<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192231\/apt\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html\">https:\/\/securityaffairs.com\/192231\/apt\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-16 12:57:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Russian APT Turla builds long-term access tool with Kazuar Botnet evolution<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 16, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-48.png?fit=1350%2C824&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems.<\/h2>\n<p>Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection and disruption more difficult. <\/p>\n<p>The\u00a0Turla\u00a0APT group (aka Secret Blizzard,\u00a0Snake,\u00a0Uroburos,\u00a0Waterbug,\u00a0Venomous Bear\u00a0and\u00a0KRYPTON)\u00a0 has been active since\u00a0at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.<\/p>\n<p>According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Russia-nexus actor is assessed to be affiliated with Center 16 of Russia\u2019s Federal Security Service (FSB). <\/p>\n<p>The hacking group is known for its attacks targeting government, diplomatic, and defense sectors in Europe and Central Asia, as well as\u00a0endpoints previously breached by Aqua Blizzard\u00a0(aka Actinium and Gamaredon) to support the Kremlin\u2019s strategic objectives.<\/p>\n<p>Kazuar, the malware linked to the Russian state-backed group Secret Blizzard, has evolved from a traditional backdoor into a sophisticated modular peer-to-peer botnet designed for stealth, resilience, and long-term espionage operations. <\/p>\n<p>\u201cOver time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments.\u201d reads the analysis published by Microsoft. \u201cThis upgrade aligns with Secret Blizzard\u2019s broader objective of gaining long-term access to systems for intelligence&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192231\/apt\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Russian APT Turla builds long-term access tool with Kazuar Botnet evolution https:\/\/securityaffairs.com\/192231\/apt\/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html Publish Date: 2026-05-16&#8230;<\/p>\n","protected":false},"author":1,"featured_media":247521,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/05\/image-48.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-247520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247520"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=247520"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247520\/revisions"}],"predecessor-version":[{"id":247522,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/247520\/revisions\/247522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/247521"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=247520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=247520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=247520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}