The US Electronics Command detects Russian malware

The US Cyber Command has released eight new samples of malware developed by Russian hackers that have been used in recent attacks.

Six of the samples are ComRAT malware used by the hacking group Turla, and the other two are Zebrocy malware used by the hacking group APT28.

ComRAT and Zebrocy are two families of malware that Russian hacking organizations have used for many years.

ComRAT is based on legacy malware (Agent.BTZ) and has been used in attacks for more than a decade.

Turla and APT28 are constantly updating their tools to add evasion techniques and keep their malware undetected.

US Cyber Command aims to make the latest versions of these hacking tools available to the public so that system administrators can add detection rules and update their protections.

CNMF (Cyber National Mission Force) has uploaded samples of the new versions of ComRAT and Zebrocy via its VirusTotal account.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI's CyWatch Center have issued a security warning describing the inner workings of ComRAT and Zebrocy.

As the Slovak cybersecurity company ESET reported this week, the US warning is the first time that ComRAT and Zebrocy have been formally linked to the cyber espionage division of the Russian government.

In private security company reports, ComRAT and Zebrocy had been informally linked to the Russian government's cyber espionage division, but that link had not been made in a state agency's warning.

The United States government has not linked these recent samples to recent security incidents.

According to ESET data, ComRAT has been used in the past to target foreign affairs ministries and national assemblies, and Zebrocy has been used to target embassies and foreign affairs ministries.

"Victims of these two malicious programs have been found in Eastern Europe and Central Asia," said US Electronics Command.

Earlier this week, cybersecurity firm Accenture released a report on Turla's recent operations and its use of the ComRAT malware.
