The Russians are at it again: Zebrocy backdoor malware is evolving, Uncle Sam warns close to eve of presidential election
The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit.
The Zebrocy backdoor, warned the CISA infosec agency, has evolved - and while the agency didn't explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware's operators are.
"Two Windows executables identified as a new variant of the Zebrocy backdoor were submitted for analysis. The file is designed to allow a remote operator to perform various functions on the compromised system," said the CISA in an advisory published overnight.
ESET researcher Alexis Dorais-Joncas told The Register: "The CISA warning is a good and accurate summary of the malware's capabilities attributed to the Zebrocy toolset. The two files mentioned in the advisory were used in attacks that took place in summer 2019 against usual targets in Eastern European and Central Asian countries."
Previous ESET research on the Kremlin-backed APT28 hacking crew, more precisely identified by the British and US governments as including GRU unit 74455, was published in September last year and went into detail about Zebrocy's lures and functionality.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/30/zebrocy_warning_us_cisa/