ctipilot.ch

Defense and intelligence — Russian FSB + Belarusian GRU-aligned operators both active against NATO/EU targets

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

2026-05-14: Microsoft documented Secret Blizzard (Turla / FSB Centre 16) evolving Kazuar into a three-module peer-to-peer botnet architecture — the Bridge module implements a mesh C2 network using victim machines as relay nodes, reducing Kazuar's historic reliance on single-hop CDN-based C2 infrastructure.

2026-05-15: ESET documented FrostyNeighbor / Ghostwriter (UNC1151, Belarus state-aligned) conducting a March–May 2026 campaign targeting Ukrainian government organisations with spear-phishing (PDF lures impersonating Ukrtelecom) delivering PicassoLoader and Cobalt Strike.

Both actors target NATO and EU government organisations; CH/EU intelligence services and defence ministries should treat both campaigns as on-network threats to the same organisational categories they serve.