The Zebrocy group, also known as APT28, has been linked to a new backdoor family. A report by Kaspersky Labs that details the group's development over the years mentions this new backdoor. According to the report, the backdoor is written in a new programming language called Nim and is used by the attackers to steal credentials and gain persistence on infected systems.
What makes it different?
Kaspersky’s report indicates that the Zebrocy group has employed a plethora of programming languages and has assembled its malware set by copy-pasting code from various sources.
“The Zebrocy malware set is tossed together from a wide set of languages and technologies, including both legitimate and malicious code shared on online forums and sites like Github and Pastebin. This repeated “copy/paste” practice is not frequently seen in Russian speaking APT malware sets, although open source and penetration testing/red teaming malware are frequently used by other groups, like Empire, Responder, BeEF, and Mimikatz,” said the report.
Kaspersky Lab has stated it would be publishing more details on this Nim backdoor variant of Zebrocy in the coming days.