For the first time, the US Cyber Command has discovered eight new pieces of malware, which were connected to Russia and target foreign affairs ministries and national parliaments. These security threats have progressed in complexity, scope, and gravity, putting billions of dollars at risk when information security is not properly managed.
According to ZDNet, the Cybersecurity and Infrastructure Security Agency (CISA), together with the Federal Bureau of Investigation's CyWatch, published two security advisories on Thursday, October 30, describing the inner workings of ComRAT and Zebrocy. Also, the Cyber National Mission Force (CNMF) of US Cyber Command shared samples of the new versions of these two malware families on the task force's VirusTotal account.
Russian hacking groups have been using these two malware families for years. ComRAT evolved from the old Agent.BTZ malware and has been deployed for over a decade, since 2008. An analysis made in 2015 showed the evolution of a Remote Administration Tool (RAT), now called ComRAT, which has targeted extremely sensitive bodies, including the US Pentagon in 2008, the Belgian Ministry of Foreign Affairs in 2014, and the Finnish Ministry of Foreign Affairs.
In contrast, Zebrocy was used to target embassies and ministries of foreign affairs. In 2019, ESET researchers identified a new campaign launched by APT28, which targeted the embassies of Eastern European and Central Asian countries, which seem to be the group's favorite victims.
Similarly, Accenture, a cyber-security vendor, published its report about the recent Turla operations in a blog on its website earlier this week. Accenture's Cyber Threat Intelligence, which identifies Turla as Belugasturgeon, said the group targets government organizations through custom malware, including updated legacy tools, designed to maintain persistence through overlapping backdoor access while eluding the victim's defenses.
Accenture identified a tool, called the HyperStack backdoor, which has undergone significant updates and was inspired by the group's Carbon backdoor as well as the RPC backdoor.
Both ComRAT and Zebrocy are informally attributed based on reports created by privately owned security vendors, but not in government advisories. However, US government agencies have not found any link between these malware strains and any recent security events.
This is owned by Tech Times
Written by CJ Robles