Some cybersecurity firms believe the hacking group exposed by ESET, known as Turla, is connected to Russian intelligence services. The backdoor used by Turla has been codenamed Gazer.
ESET describes Gazer as a stealthy and complex hacking tool that is difficult to detect. The implant receives encrypted code from an external server, which can execute commands either directly through the infected machine or via another computer on a shared network. In addition, ESET found evidence that Turla leverages a virtual file system in the Windows registry to evade antivirus defenses after deploying Gazer.