
“This is intended to be an enduring and ongoing information sharing effort, and it is not focused on any particular adversary,” Joseph R. Holstead, acting manager of public affairs at CYBERCOM told Motherboard in an email.
On Friday, CYBERCOM uploaded multiple files to VirusTotal, a Google-owned search engine and repository for malware. Once uploaded, VirusTotal users can download the malware, see which anti-virus or cybersecurity products likely detect it, and see links to other pieces of malicious code.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
One of the two samples CYBERCOM distributed on Friday is marked as coming from APT28, a Russian government-linked hacking group, by several different cybersecurity firms, according to VirusTotal. Those include Kaspersky Lab, Symantec, and CrowdStrike, among others. APT28 is also known as Sofacy and Fancy Bear.
Adam Meyers, vice president of intelligence at CrowdStrike said that the sample did appear new, but the company’s tools detected it as malicious upon first contact. Kurt Baumgartner, principal security researcher at Kaspersky Lab, told Motherboard in an email that the sample “was known to Kaspersky Lab in late 2017,” and was used in attacks in Central Asia and Southeastern Europe at the time.
“When reporting on it, Kaspersky Lab researchers noted it seemed interesting that these organizations shared overlap as previous Turla [another Russian hacking group] targets. Overall, it is not ‘new’ but rather newly available to the VirusTotal public.”
The malware itself does not appear to still be active. A spokesperson for Symantec told Motherboard in an email that the command and control servers—the computers that tell the malware what commands to run or store stolen data—are no longer operational. The spokesperson added that Symantec detected the sample when the company updated its detection tools a couple of months ago.