SecurityWeek ·EN-US News source Exploited in the wild Turla
Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets
CVE Tools coverage
Security researchers report that the Russia-linked APT Turla has been using a new .NET espionage backdoor called StockStay to target Ukrainian government and military organizations, and in some cases related European entities. The malware has been delivered through phishing themes and can be installed via malicious RDP configuration files, with recent activity in November 2025 also leveraging exploitation of CVE-2025-8088 (WinRAR) for payload execution. This matters because the infection chain shows continued refinement of Turla’s initial access and stealthy command-and-control methods against high-value targets.