A joint CYBERCOM, CISA, and FBI advisory mark the first time that ComRAT and Zebrocy malware have been formally linked to the cyber-espionage units of the Russian government.
During the techno-pandemic, the number and seriousness of cybersecurity threats have greatly increased. Ransomware and malware attacks are a billion-dollar business.
Turla and the Sofacy Group are persistent threats using malware
Turla, aka Snake, is an espionage group that has been in operation since 2008. The group is known for attacking international governmental and military targets. Turla has successfully breached the U.S. military, the German Foreign Office, and the French military.
The group is known to use complex malware. To avoid detection, the hacking group started using PowerShell scripts that provide “direct, in-memory loading and execution of malware executables and libraries.” This enables them to bypass security detection.
The Sofacy Group is a cyber-espionage group with ties to the Russian government. They have been operating since 2007, and also have a history of targeting security organizations, government, and military.
Victims of Russian malware have been identified in Eastern Europe and Central Asia, US Cyber Command said.
ComRAT and Zebrocy are malicious malware
Both ComRAT and Zebrocy have been extensively used by Russia-based hacking groups. They both evolved from the old Agent.BTZ malware.
According to an ESET report, both ComRAT and Zebrocy have been used to target ministries of foreign affairs, embassies, and a parliament. There have been international victims of both malware in the US, Eastern Europe, and Central Asia.
Information about ComRAT and Zebrocy has been published in the past by privately-owned security vendors. This is the first time these advisories have been published by government agencies that specialize in cybersecurity.
The purpose of this recent US government advisories and exposé is to issue an alert about recent versions of these hacking tools. Hopefully, system administrators can add detection rules and update privacy and protection measures.
Last week, US Cyber Command’s Cyber National Mission Force (CNMF) uploaded samples of the new ComRAT and Zebrocy versions on its VirusTotal account.
Cybersecurity and Infrastructure Security Agency (CISA), in cooperation with the Federal Bureau of Investigation’s CyWatch, published two security advisories describing ComRAT and Zebrocy’s inner workings.
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.