Gamaredon and Turla unite in cyberespionage campaign on high-value Ukrainian targets
Dubai, UAE – ESET Research has revealed a first-of-its-kind collaboration between two Russian FSB-linked cyber threat groups, Gamaredon and Turla, targeting high-profile entities in Ukraine. Gamaredon, known for widespread compromises via spearphishing and malicious LNK files, was observed deploying Turla’s advanced Kazuar backdoor on selected machines, indicating a targeted approach aimed at high-value intelligence.
According to ESET, while Gamaredon compromises hundreds or thousands of machines, Turla appears highly selective, focusing only on systems containing sensitive information. In early 2025, Gamaredon tools such as PteroGraphin, PteroOdd, and PteroPaste were used to deploy and even restart Turla’s Kazuar v2 and v3 backdoors, marking the first time technical indicators have directly linked these two groups in a joint operation.
“We believe with high confidence that both groups – separately associated with the FSB – are cooperating, with Gamaredon providing initial access to Turla,” says ESET researcher Zoltán Rusnák.
Turla, active since at least 2004 and known for high-profile espionage campaigns, has targeted governments and diplomatic entities globally. Gamaredon, active since 2013, primarily focuses on Ukrainian government institutions. This collaboration suggests a convergence of Russian cyber efforts, likely reinforced by the ongoing conflict in Ukraine.
ESET researchers Matthieu Faou and Zoltán Rusnák emphasized that these operations highlight the increasing sophistication of Russian cyberespionage, combining Gamaredon’s mass compromise capabilities with Turla’s precision targeting. The groups operate under separate divisions of the FSB—Center 18 for Gamaredon and Center 16 for Turla—yet recent activity indicates operational alignment against Ukrainian defense and government sectors.
The discovery underscores the evolving nature of state-sponsored cyber threats, where multiple threat actors coordinate to maximize impact. ESET’s research provides organizations and governments with early warning and technical insight into emerging attack methodologies.
