Two Shadows Converge
Category: Cyber-Espionage / State-Sponsored Threats / National Security
Features: FSB-linked operations, Turla–Gamaredon collaboration, espionage targeting Ukrainian government and defense
Delivery Method: Technical reports, malware analysis, geopolitical context
Threat Actor: Russian state-backed APTs (Turla and Gamaredon)
For years, Ukraine has battled not one but multiple fronts of Russian cyber aggression. Among the most persistent adversaries: Gamaredon, the noisy saboteur from Crimea, and Turla, the veteran espionage unit with global reach. Now, for the first time, researchers have documented the two groups operating in tandem inside Ukraine — a convergence that signals Moscow’s deepening cyberwarfare strategy.
Slovak cybersecurity firm ESET reported four incidents where Gamaredon and Turla implants were found on the same Ukrainian machines. What makes this significant is not just the overlap, but the interdependence: in at least one case, Turla restarted its Kazuar v3 backdoor remotely via Gamaredon’s infrastructure, essentially riding shotgun on its counterpart’s foothold.
Gamaredon: The Blunt Instrument
Gamaredon, active since at least 2013, is Ukraine’s most aggressive and prolific adversary. Believed to operate from Russian-occupied Crimea, the group floods Ukrainian government and defense entities with spearphishing campaigns and compromised USB drives.
Its arsenal of malware — PteroLNK, PteroStew, PteroOdd, PteroEffigy, and PteroGraphin — is tailored less for stealth and more for persistence and disruption. Ukrainian officials describe it as a constant harassment tool, infecting hundreds or thousands of systems at a time.
Turla: The Surgical Blade
By contrast, Turla — active since 2004 and attributed to Russia’s FSB Center 16 (a.k.a. “Center for Special Technology”) — is far more selective. It is best known for sophisticated espionage campaigns targeting diplomatic missions, government agencies, and defense contractors in Europe, Central Asia, and the Middle East.
In Ukraine, ESET found Turla on just seven machines over 18 months, compared with Gamaredon’s hundreds. This suggests Turla was hand-picking high-value systems containing sensitive intelligence, then quietly installing its Kazuar v3 backdoor for long-term espionage.
FSB’s Dual Strategy
The partnership reflects a strategic logic:
- Gamaredon acts as the battering ram, gaining initial access at scale through crude but effective means.
- Turla arrives later, exploiting that access to implant bespoke espionage tools, ensuring Russia extracts strategic intelligence from Ukraine’s most sensitive networks.
This duality mirrors Russia’s broader doctrine of combining blunt-force disruption with targeted intelligence collection.
It is not the first collaboration of its kind. In 2020, Gamaredon’s infrastructure was observed aiding the InvisiMole group, another Kremlin-linked outfit. And Turla has a history of hijacking infrastructure belonging to both rival and allied APTs.
ESET notes that both groups are believed to answer to different FSB centers, which themselves have a long history of Cold War-era collaboration. In that sense, what’s happening inside Ukrainian networks is less an anomaly and more a digital continuation of decades-old operational alliances.
Why This Matters
Ukraine is already the world’s most battle-tested nation when it comes to cyber defense, having endured waves of attacks against its power grid, banks, military networks, and communications systems. But the collaboration between Turla and Gamaredon highlights a dangerous escalation:
- Operational efficiency: pairing scale with precision.
- Intelligence targeting: identifying and extracting highly sensitive military or diplomatic data.
- Strategic timing: intensifying espionage during Russia’s ongoing war effort.
The convergence shows Moscow’s willingness to coordinate multiple APT units under a single operational umbrella, blurring the lines between harassment and espionage.
TRJ Verdict
The discovery of Turla and Gamaredon working in concert is not simply another cybersecurity footnote — it’s a glimpse into how Russia has industrialized its cyberwarfare apparatus. Ukraine is the proving ground, but the tactics revealed here have global implications.
If blunt-force actors like Gamaredon can pave the way for espionage veterans like Turla, the model could be exported beyond Ukraine — against NATO governments, European ministries, or even private-sector defense contractors abroad.
The Cold War taught us that Russian intelligence agencies never truly operated in silos. Today, that lesson is being rewritten in code.


Russia is such a troublemaker, and it is relentless. This duel strategy sounds like it could be devastating and there is no question in my mind that if this works Russia will not hesitate to use it on other nations as you have suggested.
Thank you for this news.
You’re very welcome, Chris — and you’re right, Russia has shown time and again that it doesn’t hesitate to escalate or experiment when it comes to hybrid warfare. The fact that Turla and Gamaredon are working together is a dangerous development — one group provides mass access, the other extracts precision intelligence. That “duel strategy,” as you called it, could absolutely be turned outward against NATO members, EU institutions, or even private industry if Moscow thinks it can gain advantage.
Thank you very much for your insight, Chris — always greatly appreciated. 😎
You’re welcome, John, and thank you for the reply. These bad actors combined sound like a huge threat.