The U.S. Cyber Command exposed eight new types of malware developed and deployed by Russian hacker groups in recent attacks.
A joint CYBERCOM, CISA, and FBI advisory marks the first time that ComRAT and Zebrocy malware have been formally linked to the cyber-espionage units of the Russian government.
During the techno-pandemic, the number and seriousness of cybersecurity threats have greatly increased. Ransomware and malware attacks are a billion-dollar business.
Turla and the Sofacy Group are persistent threats using malware
Six of the eight samples are for ComRAT malware used by the Turla hacking group. The other two samples are for Zebrocy malware, which is being widely deployed by the Sofacy Group hackers (APT28, Fancy Bear).
Turla, aka Snake, is an espionage group that has been in operation since 2008. The group is known for attacking international governmental and military targets. Turla has successfully breached the U.S. military, the German Foreign Office, and the French military.
The group is known to use complex malware. To avoid detection, the hacking group started using PowerShell scripts that provide “direct, in-memory loading and execution of malware executables and libraries.” This enables them to bypass security detection.