Russian cyberspies use Gmail to control updated ComRAT malware
A new version of the ComRAT backdoor has been found by security researchers at ESET. The backdoor is controlled through the Gmail web interface and was discovered when the state-sponsored Russian hacker group Turla began using it to harvest data and steal information in attacks targeting governmental institutions. Other common names for the Russian threat actor group include Waterbug, Snake, or Venomous Bear.
The group is notorious for its unorthodox methods and strategies used in its cyber-espionage attacks. Historically, Turla has developed backdoor trojans with their own unique APIs that reverse communication flows, used comments on celebrities’ Instagram photos to control malware, and hijacked other state-sponsored hacking groups’ malware. ComRAT was used in 2008 to compromise US military systems and dates back to 2007. The new Gmail campaign deployed by Turla also targets government institutions.