The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets.
Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier, according to previous research from Kaspersky. “It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle East, Central and Far East Asia, Europe, North and South America, and former Soviet bloc nations,” according to the firm.
The group is also known for its custom espionage toolset. According to ESET researchers, ComRAT is one of Turla’s oldest weapons, released in 2007 – but the firm found that Turla used an updated version in attacks against at least three targets earlier this year: Two Ministries of Foreign Affairs and a national parliament.