Turla APT Uses Fresh Variant of Kazuar Backdoor to Target Ukrainian Defense Sector
Unit 42 researchers have discovered an upgraded variant of the Kazuar backdoor, which is used by the Russian-based threat group Pensive Ursa. This new variant of Kazuar is being used to target the Ukrainian defense sector, specifically assets in Signal messages, source control, and cloud platforms. Kazuar is known for its advanced and stealthy capabilities, and it has been observed targeting European government and military organizations in the past. The authors of Kazuar have put special emphasis on its ability to evade detection and analysis through advanced anti-analysis techniques and encryption. This article provides a detailed technical analysis of Kazuar and offers recommendations for detection and prevention.