Russia reports RAT scurrying through govt systems, chewing data

Trojan customised to target specific users, then goes on its merry way

18 Reg comments Got Tips?

Russia's Government is reporting that malware designed to steal data has been found in state systems at two dozen agencies and critical institutions.

Moscow did not reveal the names of the targeted agencies nor which attacks were successful and what data if any was stolen.

Military, scientific, and critical infrastructure organisations were targeted with malware The Register believes, based on Russia's statement, is likely a victim-specific remote access trojan.

Russia's Federal Security Service (FSB) says it "... found evidence of malicious software designed to commit cyber espionage against the computer networks of some 20 organisations located in Russia," in a canned statement.

"The malware is made for each individual victim based on the unique characteristics of the targeted PC.

"It spreads through targeted attacks on PCs through emails containing malicious attachments."

The security agency says it loads modules that capture snapshots of the victim's machine before customising further attacks to help intercept traffic, turn on and monitor microphones, capture screenshots and keystrokes, and siphon a wide variety of data sets.

Moscow and other governments rarely reveal details of attacks, and the Government says it is working to contain the threat, and identify victims and actors.

Malware writers in the country typically avoid attacking systems located in Russia in what is assumed to be an effort to avoid drawing local heat; It would be among the boldest of attacks should local hacking groups be behind the Moscow trojan attacks. ®


Biting the hand that feeds IT © 1998–2020