December 3, 2023

US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks.

Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).

Both tools trace back to the old Agent.BTZ malware, and both Turla and APT28 have consistently updated them to add evasion techniques and keep their malware undetected.

CISA and the Federal Bureau of Investigation's CyWatch published two security advisories describing the inner workings of ComRAT and Zebrocy. Both have been formally linked to the Russian government's cyber-espionage units.

Attribution for both ComRAT and Zebrocy has previously been made only informally, in reports published by privately owned security vendors, never in advisories published by government agencies.

Victims of both malware have been identified in Eastern Europe and Central Asia, US Cyber Command said.

The joint US government advisory was published on Halloween. US cyber-security agencies have recently made it a habit to expose malware operations on well-known holidays as a way to send greetings to foreign threat actors.
