Turla group adds more malware to Russia’s espionage efforts against Ukraine
Daryna Antoniuk · 2026-06-26 · via The Record from Recorded Future News

Russian state-backed hackers have spent years developing and deploying a little-known malware strain to spy on Ukrainian government and military organizations, as well as entities of interest across Europe, according to new research.

The malware, dubbed StockStay, has been under active development since at least December 2022, researchers at Google said in a report published on Thursday. It was primarily used to target Ukrainian government and defense organizations, although early samples of the malware were also identified in Italy, the Netherlands, Poland and Germany.

Turla, also tracked as Secret Blizzard and Venomous Bear, is one of Russia's longest-running cyber-espionage groups and has been linked by Western governments and cybersecurity researchers to Russia's Federal Security Service (FSB).

Google said StockStay shares significant code and functionality with Kazuar, another Turla malware framework previously used in cyberespionage operations against military and defense targets in Ukraine. The researchers said they believe StockStay was deliberately developed in Kazuar's image, reflecting the group's experience with the older toolkit.

"The group appears to be investing in redundant, parallel malware ecosystems to ensure persistent access even when individual tools are discovered and remediated," Google said in a statement to Recorded Future News, describing Turla as "an ongoing and active threat."

Researchers said StockStay has evolved considerably since its first appearance. Originally disguised as a stock market application, the malware has more recently masqueraded as legitimate software such as PDF readers and calculator programs.

Victims were typically infected through phishing emails containing malicious Remote Desktop Protocol (RDP) configuration files that connected compromised computers to infrastructure controlled by the attackers, allowing them to deploy additional malware.

Researchers said Turla repeatedly used academic and diplomatic themes to lure victims. In one campaign, the attackers sent phishing emails from a compromised account belonging to a Ukrainian university. In another, they abused a diplomatic education platform to distribute malicious emails and files.
