On Halloween, the US Cyber Command uploaded to VirusTotal new versions of the ComRAT and Zebrocy malware, the authorship of which are attributed to Russian government hackers.
Thus, six of the eight presented samples are related to the ComRAT malware (used by the Turla hacker group), and the other two are Zebrocy malware (used by the APT28 hacker group).
“An implant dropper dubbed #ComRATv4 recently attributed by @CISAgov and @FBI to Russian sponsored APT, Turla. It was likely used to target ministries of foreign affairs and national parliament”, — says a message that appeared on the USCYBERCOM Cybersecurity Alert Twitter account.
Both malwares have been used by hackers for many years. For example, ComRAT has been used in attacks for over ten years, and it is believed that it evolved from the old Agent.BTZ Trojan. For example, hackers used this malware back in 2008 to steal data from the Pentagon network.
This is not the first time the US government has published new malware samples on VirusTotal. Thus, the authorities strive to share the latest versions of hacking tools with the general public so that system administrators and researchers are aware of the latest trends in the field of crime and have time to update protection measures in a timely manner.
For example, specialists from the Cyber National Mission Force of the US Cyber Command uploaded samples of new versions of ComRAT and Zebrocy to VirusTotal, and experts from the Department of Homeland Security Cybersecurity and Infrastructure Protection (DHS CISA), in collaboration with the FBI, published two security bulletins, describing the work of ComRAT and Zebrocy.
“As Slovak cyber-security firm ESET pointed out this week, the joint CYBERCOM, CISA, and FBI alerts also mark the first time that ComRAT and Zebrocy have been formally linked to the Russian government’s cyber-espionage units”, — add ZDNet journalists.
Victims of both malwares have been identified in Eastern Europe and Central Asia, according to the US Cyber Command.
Earlier this week, cybersecurity provider Accenture also released a report on the latest Turla operations and how often they use ComRAT malware.
Results of the US Government Joint Council was posted on Halloween. The US cybersecurity agencies have recently made it a rule to expose malware operations on famous holidays in order to send greetings to foreign attackers.
“Together with CISA and the FBI, US Cyber Command wish Russian state hackers a “Happy Halloween!”, — joke ZDNet journalists.
Let me remind you that recently Tech companies and government agencies have eliminated the TrickBot malware infrastructure, although some information security experts say that Trickbot is quite tenacious and may be resurrected, but let’s appreciate success of law enforcement agencies in the fight against cybercriminals for now.
