Earlier in January, Austria's foreign ministry announced it was facing a "serious cyberattack" and that it could be the work of a nation-state actor. "Due to the gravity and nature of the attack, it cannot be ruled out that this is a targeted attack by a state actor," the foreign ministry said at the time in a joint statement with the interior ministry. "Despite all the intensive security measures, there is no 100-percent protection against cyberattacks." The attack took place on the evening of Saturday 4 January and was quickly detected. Local reports revealed that the attack was aimed at the ministry's IT infrastructure.
The group behind a global cyber-espionage campaign discovered last month deployed malicious computer code with links to spying tools previously used by suspected Russian hackers, researchers have said. Investigators at the Moscow-based cybersecurity firm Kaspersky said the "backdoor" used to compromise up to 18,000 customers of the US software maker SolarWinds closely resembled malware tied to a hacking group known as Turla, which Estonian authorities have said operates on behalf of Russia's FSB security service. The findings are the first publicly available evidence to support assertions by the US that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber-operations ever disclosed. Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.
Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was previously unknown. Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007, targeting government organizations and private businesses. The list of previously known victims is long and also includes the Swiss defense firm RUAG, the US Department of State, and the US Central Command. In June 2016, researchers from Kaspersky reported that the Turla APT had started using rootkit), Epic Turla (Wipbot and Tavdig) and Gloog Turla.
US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group). Both ComRAT and Zebrocy are malware families that have been used by Russian hacking groups for years, with ComRAT being deployed in attacks for more than a decade, having evolved from the old Agent.BTZ malware.