ESET has disclosed an attack on its antivirus program and two other targets by the Russian-backed Turla hacker group. Apart from the attack on the antivirus program, a national parliament in the Caucasus and two foreign offices in Europe were also targeted with a new version of a malicious program known as ComRAT.
Unlike the old version of ComRAT, which was deployed in 2008 to siphon data from a network belonging to the Pentagon, the new version, ComRAT v4, developed by the Turla hacker group comes with new features, ESET's security researchers have observed: it takes orders from a Gmail inbox through email attachments sent to it, and it can collect antivirus software logs and adjust its behaviour to avoid detection.
The list of victims of the ComRAT malware, previously called Agent.BTZ, continues to grow. It began with the attack on the Pentagon in the 2000s and includes recorded attacks on victims in Africa, Asia, Europe, and the Middle East; this latest attack, which occurred in January 2020, is the most advanced yet, based on the new features of the updated version of ComRAT, according to ESET.
ESET Security Team Response
Matthieu Faou, a member of ESET's security research unit, stated that “the ComRAT malware comes with two command-and-control contraptions, with the first being a classic method of connecting to a remote server via HTTP and collecting instructions to work on infected hosts, and the second being the use of Gmail’s web platform for taking over the victim’s browsers, then loading a prewritten cookie file, thereby initiating a session to the Gmail web dashboard.”
The Turla hacker group continues to use ComRAT as a second-stage payload on infected hosts, hunting for specific files in the filesystem and exfiltrating the data to a cloud file-sharing account on 4shared, as it has done before.
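As an added defensive example, not from ESET or this article: a Python heuristic that flags evenly spaced, machine-like requests to the two services named above, Gmail (used as C2) and 4shared (used for exfiltration), in a constructed proxy log. It assumes that an implant polling an inbox for orders produces more regular timing than a person; the log format, hostnames list and regularity threshold are assumptions to be tuned against a real baseline.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Services the ESET findings name as ComRAT v4 channels (lowercase hostnames).
WATCHED = {"mail.google.com": "Gmail inbox used as C2", "www.4shared.com": "4shared used for exfiltration"}


def parse_proxy_line(line):
    """Constructed log format: '<ISO timestamp> <client_ip> <dest_host> <bytes_out>'."""
    ts, client, host, bytes_out = line.split()
    return datetime.fromisoformat(ts), client, host.lower(), int(bytes_out)


def find_beacons(lines, min_hits=4, max_cv=0.15):
    """Alert on (client, host) pairs whose gaps between requests are almost constant:
    an implant polling for orders is evenly spaced, a person reading mail is not.
    max_cv caps the coefficient of variation of the gaps (assumed threshold; tune to baseline)."""
    seen = defaultdict(list)
    for line in lines:
        ts, client, host, _ = parse_proxy_line(line)
        if host in WATCHED:
            seen[(client, host)].append(ts)
    alerts = []
    for (client, host), stamps in seen.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            alerts.append({"client": client, "host": host, "why": WATCHED[host],
                           "hits": len(stamps), "interval_s": round(mean), "cv": round(cv, 3)})
    return alerts


# Constructed sample: 10.0.0.5 polls Gmail every 5 minutes; 10.0.0.9 reads Gmail at
# irregular, human-looking times; the single 4shared upload is below min_hits.
SAMPLE_LOG = [
    "2020-01-14T09:00:00 10.0.0.5 mail.google.com 512",
    "2020-01-14T09:00:10 10.0.0.9 mail.google.com 2048",
    "2020-01-14T09:00:57 10.0.0.9 mail.google.com 731",
    "2020-01-14T09:05:00 10.0.0.5 mail.google.com 512",
    "2020-01-14T09:10:00 10.0.0.5 mail.google.com 512",
    "2020-01-14T09:15:00 10.0.0.9 mail.google.com 4100",
    "2020-01-14T09:15:00 10.0.0.5 mail.google.com 512",
    "2020-01-14T09:20:00 10.0.0.9 mail.google.com 1500",
    "2020-01-14T09:21:00 10.0.0.5 www.4shared.com 9000000",
]

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

On the sample only the 10.0.0.5 to mail.google.com pair is reported (four hits, 300 s apart, coefficient of variation 0); raising max_cv toward 1.0 would also sweep in the irregular human session, which is why the threshold must be calibrated on real traffic.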
The Turla hacker group will certainly keep improving its malicious tooling to find new ways of breaching bigger targets in the near future.