
Researchers unveil details of organised cyber-espionage campaigns

Researchers track remote access trojan in use since at least 2006.

By CBR Staff Writer

Details of organised cyber-espionage campaigns have been unveiled by researchers who have managed to identify about 275 families of malware.

The Dell SecureWorks team also classified the malware used by various groups, some being specially configured off-the-shelf software, while other malware is customized source code of an existing remote access trojan (RAT).

The team has tracked a RAT known as Comfoo, which has been in continuous development since at least 2006.

Researchers said the RAT has maintained a fairly low profile, even though it was used as part of the breach of security firm RSA in 2010, when its code was first analysed.

While monitoring Comfoo, researchers detected over 200 variants of the trojan and 64 different campaign tags used by the threat actors to organise their campaigns.

Various government entities and private firms based in the US, Europe, and Asia Pacific had Comfoo-infected computers phoning home to the Comfoo command-and-control (C2) infrastructure, meaning any data held on those machines was exposed to the attackers.

The presence of Comfoo on a network or computer can be detected in several ways, even when antivirus engines lack signatures for the latest variants: analysts can search for known Comfoo threat indicators in network traffic, on hard drives, in memory, or in the Windows registry.


Reuters reported that a Chinese hacking group tied to the breach of RSA has targeted a maker of audio-visual conference equipment to tap into boardroom and other high-level remote meetings.

SecureWorks researcher Joe Stewart told the news agency: "I think they were looking for the source code, because that would help them find flaws they could use to eavesdrop in further attacks."
