Russia-Linked APT Groups Gamaredon and Turla Team Up to Target Ukraine
Cybersecurity experts have uncovered a worrying collaboration between two Russia-linked advanced persistent threat (APT) groups, Gamaredon and Turla, in targeting high-profile networks in Ukraine between February and April 2025. The coordinated efforts of these groups, both tied to the Russian FSB, have put significant pressure on sensitive Ukrainian entities during a tense geopolitical climate.
ESET, a leading cybersecurity firm, discovered evidence of this collaboration, revealing how different threat actors can work together to maximize their impact. Gamaredon, known for its broad targeting, initially gained access to systems, likely through spear-phishing campaigns and malicious LNK files on removable drives. Once inside, the group deployed tools like PteroLNK and PteroGraphin to restart systems and create an opening for Turla.
Turla, focusing on a few highly valuable targets, then launched its Kazuar malware on select Ukrainian systems. ESET spotted four co-compromises in early 2025, where this collaborative approach was evident. The most likely scenario is that Gamaredon provided access to Turla operators, enabling them to target specific systems more effectively.
The collaboration between Gamaredon and Turla underscores the evolving threat landscape in Ukraine. ESET has released indicators of compromise (IoCs) and samples to help organizations protect against these threats. As geopolitical tensions persist, it is crucial for cybersecurity stakeholders to remain vigilant and share information to counter coordinated cyberattacks.