Happy Halloween 🎃 from Russia

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks.

Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).

ComRAT evolved from the old Agent.BTZ malware. Both Turla and APT28 have consistently updated their tools to add evasion techniques and keep their malware undetected.

CISA and the Federal Bureau of Investigation’s CyWatch published two security advisories describing the inner workings of ComRAT and Zebrocy. Both have been formally linked to the Russian government’s cyber-espionage units.

Attribution for both ComRAT and Zebrocy has always been done in an informal manner in reports published by privately-owned security vendors, but never in advisories published by government agencies.

Victims of both malware families have been identified in Eastern Europe and Central Asia, US Cyber Command said.

The joint US government advisory was published on Halloween. US cyber-security agencies have recently made it a habit to expose malware operations on well-known holidays as a way to send greetings to foreign threat actors.
