Turla (attributed to FSB Center 16) has restructured its Kazuar backdoor from a centralized C2 model to a peer-to-peer botnet architecture with modular capability updates, eliminating the sinkholing and single-node takedown vectors that defenders previously used to disrupt the implant. This is not a patchable vulnerability — it is an adversary capability upgrade requiring threat hunting and network visibility investment, not a software update.