The Russians are at it again: Zebrocy backdoor malware is evolving, Uncle Sam warns close to eve of presidential election
2020-10-30 18:30

The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit.

The Zebrocy backdoor, warned the CISA infosec agency, has evolved - and while the agency didn't explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware's operators are.

"Two Windows executables identified as a new variant of the Zebrocy backdoor were submitted for analysis. The file is designed to allow a remote operator to perform various functions on the compromised system," said the CISA in an advisory published overnight.

ESET researcher Alexis Dorais-Joncas told The Register: "The CISA warning is a good and accurate summary of the malware's capabilities attributed to the Zebrocy toolset. The two files mentioned in the advisory were used in attacks that took place in summer 2019 against usual targets in Eastern European and Central Asian countries."

Previous ESET research, published in September last year, on the Kremlin-backed APT28 hacking crew, more precisely identified by the British and US governments as including GRU unit 74455, went into detail about Zebrocy's lures and functionality.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/30/zebrocy_warning_us_cisa/