External Publication
Visit Post

Russia-Linked Turla Uses STOCKSTAY Backdoor in Ukraine Espionage Campaign

VPN Central [Unofficial] June 29, 2026
Source
Russia-linked Turla has added a .NET backdoor called STOCKSTAY to its espionage toolkit, with Ukraine government and military organizations among the main targets. The malware has been under active development since at least December 2022, according to the Google Threat Intelligence Group. STOCKSTAY stands out because it does more than run commands on a compromised […] The post Russia-Linked Turla Uses STOCKSTAY Backdoor in Ukraine Espionage Campaign appeared first on VPN Central.

Discussion in the ATmosphere

Loading comments...