← Back to BrewedIntel
adversaryhighAdvanced Persistent ThreatCyber EspionageState-Sponsored AttackGamaredonTurla

Sep 19, 2025 • ESET WeLiveSecurity

Gamaredon X Turla collab

Two notorious APT groups—Turla and Gamaredon—both linked to Russia's FSB intelligence service, have been observed collaborating to conduct cyber operations...

Source
ESET WeLiveSecurity
Category
adversary
Severity
high

Executive Summary

Two notorious APT groups—Turla and Gamaredon—both linked to Russia's FSB intelligence service, have been observed collaborating to conduct cyber operations against high-profile targets in Ukraine. This inter-group cooperation represents a significant escalation in state-sponsored cyber threat activity, combining Turla's advanced stealth capabilities with Gamaredon's aggressive targeting of Ukrainian entities. The collaboration suggests shared resources, infrastructure, and strategic objectives focused on intelligence gathering from Ukrainian government and critical infrastructure. Organizations with Ukraine exposure should enhance detection capabilities for both threat actors' TTPs, implement robust network monitoring, and coordinate threat intelligence sharing to identify potential indicators of compromise associated with either group.

Summary

Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Published Analysis

Two notorious APT groups—Turla and Gamaredon—both linked to Russia's FSB intelligence service, have been observed collaborating to conduct cyber operations against high-profile targets in Ukraine. This inter-group cooperation represents a significant escalation in state-sponsored cyber threat activity, combining Turla's advanced stealth capabilities with Gamaredon's aggressive targeting of Ukrainian entities. The collaboration suggests shared resources, infrastructure, and strategic objectives focused on intelligence gathering from Ukrainian government and critical infrastructure. Organizations with Ukraine exposure should enhance detection capabilities for both threat actors' TTPs, implement robust network monitoring, and coordinate threat intelligence sharing to identify potential indicators of compromise associated with either group. Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine

Linked Entities

  • Gamaredon
  • Turla