
Turla hackers group hijack ESET Antivirus logs to test their malware


ESET has disclosed an attack on its antivirus program and two other targets by the Russian-backed Turla hacker group. Apart from the attack on the antivirus program, a national parliament in the Caucasus and two foreign ministries in Europe were also targeted with a new version of a malicious program known as ComRAT.

Unlike the old version of ComRAT, which was deployed in 2008 to siphon data from a network belonging to the Pentagon, ESET's security researchers have observed that the new version, ComRAT v4, developed by the Turla hacker group comes with new features: it takes orders from a Gmail inbox through email attachments sent to it, and it can collect antivirus software logs and adjust its behaviour to avoid detection.

The list of victims of ComRAT malware, previously called Agent.BTZ, continues to grow, starting with the attack on the Pentagon in the 2000s and including recorded attacks on victims in Africa, Asia, Europe, and the Middle East. According to ESET, this latest attack, which occurred in January 2020, is the most advanced yet, based on the new features of the updated version of ComRAT.

ESET Security Team Response

Matthieu Faou, a member of ESET's security research unit, stated that “the ComRAT malware comes with two command-and-control contraptions, the first being a classic method of connecting to a remote server via HTTP and collecting instructions to work on infected hosts, and the second being the use of Gmail’s web platform: it takes over the victim’s browser, then loads a prewritten cookie file, thereby initiating a session to the Gmail web dashboard.”

The Turla hacker group has continued to use ComRAT as a second-stage payload on infected hosts, hunting for specific files in the filesystem and exfiltrating the data to a cloud file-sharing account on 4shared, as it has done before.

The Turla hacker group will certainly keep improving its malicious tooling to find further ways to breach bigger targets in the near future.


Amaya Paucek
