Two of the Kremlin’s most active hack groups are collaborating, ESET says

Recent investigations have revealed that two prominent hacking groups linked to the Kremlin are joining forces to execute malware attacks targeting high-value devices in Ukraine. Security experts reported on Friday that Turla, renowned as one of the most advanced persistent threats globally, is collaborating with another group known as Gamaredon. Turla has gained notoriety for its meticulously planned operations against significant adversaries, including breaches of the US Department of Defense in 2008 and attacks on the German Foreign Office and France's military. This group is distinguished by its use of stealthy Linux malware and satellite-based internet connections, allowing it to operate discreetly while focusing on specific high-profile targets. In contrast, Gamaredon is recognized for its broader approach, frequently launching attacks on various organizations within Ukraine. Unlike Turla, Gamaredon appears unconcerned about being detected, actively seeking to gather extensive information from its targets swiftly. Both hacking groups are widely believed to be affiliated with Russia's Federal Security Service (FSB), the primary intelligence agency of the country. ESET, a cybersecurity firm, reported on Friday that it has observed the malware from both groups being installed on the same devices, indicating a significant level of collaboration. Researchers suggest that Turla may have leveraged Gamaredon's infrastructure, drawing parallels to a 2019 incident where Turla executed a hostile takeover of an attack platform from a competing Iranian hacking group. Moreover, Turla has previously co-opted resources from financially motivated cybercriminals in a campaign targeting Starlink-connected devices in Ukraine. The evolving tactics of these groups highlight the increasing complexity of cybersecurity threats in the region.