MEDIUMApt
Global

Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

·Source: The Hacker News

Updated:

Executive Summary

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (

Analysis

The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (
Source Attribution

Originally published by The Hacker News on Jun 26, 2026.

Related Threats