ForkLog

US authorities reveal new malware linked to Russian hackers

The U.S. Cyber Command, together with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), has identified new types of malware that authorities say were used in attacks by Russian hackers against government targets.

An implant dropper dubbed #ComRATv4 recently attributed by @CISAgov and @FBI to Russian sponsored APT, Turla. It was likely used to target ministries of foreign affairs and national parliament.
@CNMF_CyberAlert continues to disclose #malware samples on: https://t.co/fSgk1xpG8t pic.twitter.com/c2jmozTAyB

— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) October 29, 2020

The identified malicious components are associated with the malware families ComRAT and Zebrocy, which hackers have used in attacks for many years.

The message states that ComRAT is used by the hacking group Turla (also known as Uroboros), and Zebrocy by the APT28 group (also operating under the name Fancy Bear). Both groups are linked to Russia.

The hackers continually updated their tools, so the malware remained undetected for a long time.

According to experts, ComRAT was used against foreign ministries and a national parliament, while Zebrocy targeted embassies and ministries.

Both malware families targeted victims in Eastern Europe and Central Asia.

In October, the U.S. Department of Justice charged six Russian citizens with hacking attacks on infrastructure in France, South Korea, Ukraine and the United States.
