Cybersecurity firm says Russian hacking group using new malware tool

A longstanding hacking group believed to be Russian intelligence is focusing on southeast European and former Soviet bloc political targets with a new tool, according to a report from the cybersecurity firm ESET.

The tool, a second-stage backdoor that is installed by another piece of malware in a multi-stage attack, has been named “Gazer” by researchers.

“It’s very stealthy,” said Jean-Ian Boutin, senior malware researcher at ESET.

ESET writes that it has “high confidence” in attributing Gazer to Turla, a hacking group that has been active for at least a decade. ESET does not, however, attribute any groups to specific countries.


Gazer is linked to Turla through the other tools used in the attacks, coding similarities, consistent methodologies, and the use of at least one of the same intermediary servers used by other Turla tools.

Gazer has not completely replaced Turla's other second-stage backdoors.

The ESET write-up notes that the source code for Gazer contains a series of references to video games, including creating registry entries like “only single player is allowed.”

New functionalities in Gazer include a custom cryptography implementation, according to ESET, which has identified samples going back to 2016.