ESET Research has uncovered collaboration between notorious APT groups Gamaredon and Turla, both associated with Russia's FSB, targeting high-profile victims in Ukraine. The research reveals Gamaredon tools being used to restart and deploy Turla's Kazuar backdoor on compromised machines. This marks the first known instance of cooperation between these groups, with Turla selectively choosing valuable targets from Gamaredon's numerous compromises. The collaboration involves the use of various Gamaredon tools like PteroGraphin, PteroOdd, and PteroPaste to facilitate Turla's operations. The report details multiple attack chains, including the restart of Kazuar v3 and deployment of Kazuar v2, demonstrating a sophisticated level of coordination between the two threat actors.