{"id":201362,"date":"2024-12-12T06:44:43","date_gmt":"2024-12-12T12:44:43","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2024\/12\/secret-blizzard-deploys-kazuar-backdoor-in-ukraine-using-amadey-malware-as-a-service"},"modified":"2024-12-12T06:44:43","modified_gmt":"2024-12-12T12:44:43","slug":"secret-blizzard-deploys-kazuar-backdoor-in-ukraine-using-amadey-malware-as-a-service","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2024\/12\/secret-blizzard-deploys-kazuar-backdoor-in-ukraine-using-amadey-malware-as-a-service","title":{"rendered":"Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/secret-blizzard-deploys-kazuar-backdoor-in-ukraine-using-amadey-malware-as-a-service.jpg\"><\/a><\/p>\n<p>Secret Blizzard has a track record of targeting various sectors to facilitate long-term covert access for intelligence collection, but their primary focus is on ministries of foreign affairs, embassies, government offices, defense departments, and defense-related companies across the world.<\/p>\n<p>The latest report comes a week after the tech giant, along with Lumen Technologies Black Lotus Labs, <a href=\"https:\/\/thehackernews.com\/2024\/12\/russia-linked-turla-exploits-pakistani.html\" rel=\"noopener\" target=\"_blank\">revealed<\/a> Turla\u2019s hijacking of 33 command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to carry out its own operations.<\/p>\n<p>The attacks targeting Ukrainian entities entail commandeering <a href=\"https:\/\/www.splunk.com\/en_us\/blog\/security\/amadey-threat-analysis-and-detections.html\" rel=\"noopener\" target=\"_blank\">Amadey bots<\/a> to deploy a backdoor known as <a href=\"https:\/\/securelist.com\/the-epic-turla-operation\/65545\/\" rel=\"noopener\" target=\"_blank\">Tavdig<\/a>, which is then used to install an updated version of <a href=\"https:\/\/thehackernews.com\/2023\/11\/turla-updates-kazuar-backdoor-with.html\" rel=\"noopener\" target=\"_blank\">Kazuar<\/a>, which was documented by Palo Alto Networks Unit 42 in November 2023.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Secret Blizzard has a track record of targeting various sectors to facilitate long-term covert access for intelligence collection, but their primary focus is on ministries of foreign affairs, embassies, government offices, defense departments, and defense-related companies across the world. The latest report comes a week after the tech giant, along with Lumen Technologies Black Lotus [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490,6],"tags":[],"class_list":["post-201362","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/201362","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=201362"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/201362\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=201362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=201362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=201362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}