STOCKSTAY: Turla’s .NET Backdoor for Cyber Espionage
STOCKSTAY is a multi-component .NET backdoor attributed to the Russian state-sponsored threat actor Turla. It uses a secure WebSocket connection for C2…
Tag: WebSocket
Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
Google Threat Intelligence Group (GTIG) has attributed a previously undocumented .NET backdoor named STOCKSTAY to the Russian state-sponsored threat actor Turla. The…