The U.S. Cyber National Mission Force (CNMF) has started uploading malware samples to VirusTotal as part of its ongoing efforts to work more closely with the private sector. The Force, which is a sub-command of U.S. Cyber Command, on November 5 began sharing unclassified malware samples it has discovered that will have the greatest impact on improving global cybersecurity, the unit said in a statement.
So far the CNMF has uploaded two files to VirusTotal.
“The US Cyber Command has uploaded two malware samples relating to APT28, the Russian group behind the US election hacking. So far, the quantity has been small, but the quality is high,” said Chris Doman, a security researcher at AlienVault.
Initial compromise has been followed by either malicious JavaScript code injections for credential theft, LocalOlive web shell delivery for further payload retrieval, or remote access software distribution for additional compromise.
Sandworm, also known as APT44, Seashell Blizzard, and UAC-0113, launched numerous malware intrusions as part of the campaign, the most recent of which involved the distribution of a fake KMS activation tool containing the BACKORDER malware loader that facilitated DarkCrystal RAT delivery following Windows Defender deactivation, according to an EclecticIQ analysis.
Intrusions involved the distribution of an obfuscated backdoor in the guise of a Google Tag Manager (GTM) and Google Analytics script for web analytics and advertising, which, when executed from a Magento database table, facilitates the exfiltration of credit card details, according to a report from Sucuri.