
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail’s web interface to covertly receive commands and exfiltrate sensitive data.

“ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020,” cybersecurity firm ESET said in a report shared with The Hacker News. “We identified at least three targets: two Ministries of Foreign Affairs in Eastern Europe and a national parliament in the Caucasus region.”

Turla, also known as Snake, has been active for over a decade, with a long history of watering hole and spear-phishing campaigns against embassies and military organisations dating back to at least 2004.

The group’s espionage platform started off as Agent.BTZ in 2007 before evolving into ComRAT, gaining along the way additional capabilities to maintain persistence and to steal data from the local network.

It is now known that earlier versions of Agent.BTZ were responsible for infecting US military networks in the Middle East in 2008. In recent years, Turla is said to have been behind the compromise of the French Armed Forces in 2018 and the Austrian Foreign Ministry early this year.
