In an effort to improve information sharing Cybersecurity professional Russian is now the recipient of this so called “enemies files” from US CYBERCOM.
This may have been ironic as enemy usually dump files, this time Russia began publicly freeing unclassified samples of adversaries’ malware it has found out. As per Joseph R. Holstead, acting director of public affairs at CYBERCOM told Motherboard in an email. “This is intended to be an enduring and ongoing information sharing effort, and it is not focused on any particular adversary,” Joseph R. Holstead, acting director of public affairs at CYBERCOM told Motherboard in an email.
Cyber espionage group Fancy Bear releases APT28, Sofacy and Fancy Bear in coordination with several different cybersecurity firms, according to VirusTotal. Those include Kaspersky Lab, Symantec, and Crowdstrike, among others.
The malware itself does not appear to still be active. A spokesperson for Symantec told Motherboard in an email that the command and control servers—the computers that tell the malware what commands to run or store stolen data—are no longer operational. The spokesperson added that Symantec detected the sample when the company updated its detection tools a couple of months ago.
According to Adam Meyers, vice president of intelligence at CrowdStrike said that the specimen did appear new, but the company’s tools detected it as malicious upon first contact. Kurt Baumgartner, principal security researcher at Kaspersky Lab, told Motherboard in an email that the sample “was known to Kaspersky Lab in late 2017,” and was used in attacks in Central Asia and Southeastern Europe at the time.
This exercise would have given others who may have different intentions in the future to think twice before targeting United States.