In a whitepaper published this week, cyber security firm ESET detail how new features of the ComRAT v4 malware are being used to target political institutions.

TURLA, one of Russia’s most notorious hacker groups, has targeted two ministries of Foreign Affairs and a national parliament using the ComRAT v4 malware.

The malware uses a complex backdoor to steal sensitive documents and upload these to a public cloud service.

Hackers are now using ComRAT to collect antivirus logs from infected computers. They also noted that ComRAT can use the Gmail web interface to receive commands and exfiltrate data.

This means hackers can take over a victim’s web browser to load malware that takes commands from emails that hackers send to the victim. This is different to the traditional method of using HTTP to execute instructions to victim’s devices.

ComRAT has been used to target political institutions in the past and this appears to be continuing. ESET’s whitepaper provides insight into the attacker’s activity and helpfully provides a list of MITRE ATT&CK techniques.

Our Cyber Assessment Framework (CAF)contains a section on building resilient networks and systems against cyber attacks but these other pieces of guidance might be useful

 

Source: [https://www.ncsc.gov.uk/report/weekly-threat-report-29th-may-2020]