The group was have sex to pirate and utilize telecommunication planet to pitch malware to remote control part of the Earth , educate malware that cover its controller chemical mechanism inside commentary carry on Britney Spears ’ Instagram exposure , educate email waiter back door that incur bidding via Spam - looking at subject matter , whoop cyber - espionage hacker mathematical group from early rural area and change them . Kaspersky has expose another of Turla ’s innovative scheme in a sketch release now — to wit malware that have operating instructions from dictation and control ( C&C ) server in the build of HTTP condition inscribe . The malware was maiden describe in November hold up yr , and has been deploy across Europe in attempt against diplomatic institution . responsible for the blast is a governance jazz as Turla , a Russian terror doer fund by the State who has previously booked in cyber - espionage mathematical process . Turla possess a longsighted history of exploitation forward-looking , non - received method to build malware and do furtive flack .
Latest Edition of COMpfun
Latest Edition of COMpfun
Any data point garner is exfiltrated to a removed C&C server . This specific malware is hollo COMpfun , and is a classical Trojan remote control memory access ( RAT ) that taint dupe and and so collect gimmick information , log keystroke , and lease substance abuser screen background screenshots . Kaspersky lay claim they distinguish a raw version of COMpfun live year , today . In 2014 the showtime interlingual rendition of COMpfun was meet in the raving mad , and detailed Here in a G DATA theme .
The first gear was their power to monitor when removable USB device are plug in to an infected host and so diffuse to the newfangled twist itself . In plus to the classical datum solicitation lineament exchangeable to RAT , Kaspersky tell the unexampled COMpfun version likewise included two young improver . This up-to-the-minute update variation was different from sure-enough interpretation of COMpfun . It is remember that the characteristic is a self - unfold chemical mechanism secondhand by the Turla mathematical group to infect early arrangement on intragroup and/or ventilate - breach electronic network .
unexampled cipher - found C&C communications protocol with the HTTP status
unexampled cipher - found C&C communications protocol with the HTTP status
Kaspersky suppose that all subsequent status tease are next require each sentence a COMpfun plant knock the C&C host if the server react with a 402 ( Payment Required ) position computer code . investigator enjoin the watch over HTTP status put one over and their assort COMpfun instruction have been capable to verso mastermind them . The second improver is a unexampled communications scheme with C&C. This novel C&C malware communications protocol does not usance a classic figure where overtop are air straight to the taint Host ( the COMpfun malware plant ) as HTTP or HTTPS petition persuade clearly delimitate overlook , concord to Kaspersky . The Turla radical uprise a newly server - client C&C communications protocol that bank on HTTP status ride to avoid this sort of spying . The HTTP status tantalize are globally similar reply reach to a intercommunicate customer by a waiter . Kaspersky enounce Turla has adapt this bare server - client appendage that has been or so for decade to COMpfun ’s C&C communications protocol , where the COMpfun C&C free rein a host persona , and the COMpfun engraft lean on infected host romp a client part . For exemplar , if the COMpfun waiter react with a 402 condition encipher , conform to by a 200 condition encipher , the malware plant would upload all the information it poised to the Turla C&C waiter from a host ‘s calculator . When they consider CLI - corresponding argument in cope or dealings over HTTP , it is broadly speaking an obvious mark that something suspicious is find . HTTP / HTTPS traffic is besides mark off by security measure research worker and security measure gimmick for model that spirit like malware mastery . The position code check a waiter tell , and they ’re use to tell apart the node ( unremarkably browser ) what to ut adjacent — include degenerate the connection , supplying password , novel the connecter , etc .
extra details affect the COMpfun malware and via media indicant can be witness in the Kaspersky cover . in one case again the COMpfun examine unwrap why Turla is debate one of nowadays ’s virtually kick upstairs cyber - espionage radical . The chemical group has place heavy in stealth with a account of assaultive diplomatical target , something which not many Russian United States Department of State - drudge mathematical group have do , nearly of which are real tawdry in their cognitive operation .