Russian law enforcement detected evidence of a remote access trojan (RAT) that infected the computer networks of 20 organizations across multiple sectors.
According to the Federal Security Service of the Russian Federation, an agency responsible for maintaining Russia’s internal security, the RAT bears the classic hallmarks of “high-profile cyber-espionage operations” based upon the design of its files, its parameters, and its method of infection.
Its modular design also helps the malware attack target systems on an individual basis.
As the agency explains in a statement, infection by the RAT proceeds as follows:
“The spread of the virus is carried out by means of targeted attacks on PC… by sending an e-mail containing a malicious attachment. After its introduction[,]… the malware loads the necessary modules, taking into account the peculiarities of the ‘victim’… and then is [capable of] intercept[ing] network traffic,… [taking] screen screenshots, [activating] web-cameras and microphones,… [logging] pressed keys on the keyboard, and so on.”
The malware is believed to have affected the computer networks of at least 20 organizations based in Russia’s territory. The list of victims allegedly includes public authorities, military institutions, and critical infrastructure.
At this time, Moscow has not revealed the names of any of the victim organizations or whether the attackers stole any data.
The Federal Security Service continues to work with other ministries and agencies to identify all victims affected by the attacks and to minimize all damage caused by the RAT.
This malware campaign follows news of both the Democratic National Convention and Hillary Clinton’s U.S. presidential campaign having experienced hacking attacks in recent weeks.
U.S. officials have attributed the hacks to Russia, claiming state-sponsored attackers infiltrated protected computers and stole opposition research relating to Republican presidential nominee Donald Trump.
The Kremlin has repeatedly denied these claims.
As of this writing, the FBI is still investigating the hacks.