Russian-backed APT groups Gamaredon and Turla have been found to be collaborating on cyberespionage operations targeting high-profile Ukrainian entities, according to a recent report by ESET researchers. This collaboration marks a significant shift in tactics for both groups, which are known for their sophisticated cyber activities and affiliation with Russia's Federal Security Service (FSB). The joint efforts of Gamaredon and Turla have resulted in the compromise of sensitive machines in Ukraine, highlighting the growing threat of state-sponsored cyberattacks.

What Happened

ESET researchers have detailed several instances where both groups' tools were found on the same compromised machines in Ukraine. This collaboration was first observed in February 2025, when ESET detected four instances in which both Gamaredon and Turla had compromised the same machine. Notably, on one of these machines Gamaredon's tool PteroGraphin was used to restart Turla's Kazuar v3 backdoor, suggesting that Turla employs Gamaredon's implants as a recovery mechanism.

Further evidence of collaboration emerged in April and June 2025, when ESET detected Kazuar v2 installers being directly deployed by Gamaredon's tools. This confirms active cooperation between the two groups to gain access to specific Ukrainian systems. The researchers also found that Turla is focusing on a smaller number of high-value targets, likely those containing highly sensitive intelligence.

Background and Context

Gamaredon has been attributed by the Security Service of Ukraine (SSU) to the 18th Center of Information Security of Russia's FSB. The group has been targeting Ukrainian governmental institutions since at least 2013, with a significant increase in activity in 2024. Gamaredon's toolset underwent several notable updates, including the introduction of six new malware tools designed primarily for stealth, persistence, and lateral movement.

Turla is another prominent Russian-backed APT group known for its sophisticated cyberespionage activities. The group has been linked to a wide range of intrusions and has a broad arsenal of tools and tactics at its disposal. Turla's victim count in Ukraine over the past 18 months is relatively low, indicating that it is likely focusing on high-value targets.

Why It Matters

The collaboration between Gamaredon and Turla highlights the growing threat of state-sponsored cyberattacks. This partnership demonstrates a level of sophistication and coordination that is increasingly common in the world of APT groups. The joint efforts of these two groups have resulted in the compromise of sensitive machines in Ukraine, which underscores the need for robust cybersecurity measures to protect against such attacks.

For adult-industry platforms and operators, this development serves as a reminder of the importance of staying vigilant against cyber threats. As the industry continues to rely on digital infrastructure, it is essential to invest in robust security measures that can detect and prevent sophisticated attacks like those carried out by Gamaredon and Turla.

What Comes Next

The collaboration between Gamaredon and Turla marks a significant shift in tactics for both groups. As the threat landscape continues to evolve, it is essential for cybersecurity professionals to stay informed about the latest developments and adapt their strategies accordingly. The industry must remain vigilant against cyber threats and invest in robust security measures to protect against sophisticated attacks.

Key Facts

  • Gamaredon and Turla have been found to be collaborating on cyberespionage operations targeting high-profile Ukrainian entities.
  • The collaboration was first observed in February 2025, with further evidence emerging in April and June 2025.
  • Turla is focusing on a smaller number of high-value targets, likely those containing highly sensitive intelligence.
  • Gamaredon's toolset underwent several notable updates, including the introduction of six new malware tools designed primarily for stealth, persistence, and lateral movement.
  • The joint efforts of Gamaredon and Turla have resulted in the compromise of sensitive machines in Ukraine.
  • The collaboration highlights the growing threat of state-sponsored cyberattacks and the need for robust cybersecurity measures to protect against such attacks.