- The sample, which was uploaded on VirusTotal last week, is still undetected by certain antivirus software.
- The malware is reportedly linked with APT28, a Russian threat actor group.
A malware sample uploaded by the U.S. Cyber Command last week was discovered to be involved in ongoing cyber attacks. These attacks are believed to be targeting Central Asian countries along with diplomatic organizations.
Security researchers from Kaspersky Labs and ZoneAlarm indicate that the malware in the Cyber Command’s sample was associated with the infamous APT28 group, a.k.a. Fancy Bear.
- Both Kaspersky Labs and ZoneAlarm suggest that the malware in the sample was XTunnel. This malware was deployed by APT28 to compromise the Democratic National Committee in 2016.
- Researchers observed that this malware variant had certain differences in code. It also has a file size of over 3 MB, compared with the earlier sub-25 KB size. The malware also had some components in common with the XAgent spyware.
- As of now, 45 of 70 antivirus engines have flagged this malware. The sample can be viewed here.
Cyber Command keeps mum
Even though Cyber Command uploaded the sample, it did not mention any specific details. “Cyber Command, which shared the malware sample as part of its effort to boost information sharing, did not announce when it uncovered this particular malware sample and did not attribute it to any group. When it was first posted to VirusTotal, Kaspersky Lab and ZoneAlarm were the only anti-virus engines that flagged the file as malicious,” reported CyberScoop.