US DoD’s first malware submissions to Google-bought VirusTotal is Russia-linked LoJack

The US Department of Defense has opened a narrow door to some malware its units have caught that will be shared with the wider cybersecurity industry.

Amid US mid-term election jitters about Russian manipulation, a unit within the US DoD has submitted its first ever malware sample to VirusTotal, a threat intelligence website that Google acquired in 2012, and this year became part of Google’s parent company, as it was moved to Alphabet’s security unit, Chronicle.    

The US Cyber Command (Cybercom), the Cyber National Mission Force (CNMF) — a unit within the US DoD launched at a National Security Agency (NSA) event in 2014 — is overseeing the new malware intelligence sharing initiative.

According to DoD, CNMF “plans, directs and synchronizes full-spectrum cyberspace operations to deter, disrupt and if necessary, defeat adversary cyber actors to defend the nation”. 

Cybercom says CNMF will be sharing “unclassified malware samples” with VirusTotal, which will be available to anyone in the world, but serves as a nod to its assistance and collaboration with US public sector organizations.   

“Recognizing the value of collaboration with the public sector, the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity,” US Cyber Command said

CNMF posted two malware samples to the VirusTotal website yesterday, both of which are identified as variants of LoJack aka LoJax malware by antivirus vendors. The group’s submissions can be found on its VirusTotal profile. Each submission is signed with Cybercom’s MD5 hash “9ec4c12949a4f31474f299058ce2b22a”.   

Every submission made by CNMF can be found under the group’s user name on VirusTotal at this link.

Researchers at US security firm Arbor Networks in May reported LoJack was connecting to infrastructure used by APT28, aka Fancy Bear, a hacking group that Five Eye nations and the Netherlands have blamed for hacks on the DNC, the World Anti-Doping Agency, and the MH17 air crash investigation in Malaysia.    

Russia’s alleged cyber-campaigns to influence the 2016 presidential elections put a spotlight on cyberattacks against US political groups in the lead up to the US mid-term elections, taking place today. 

Since the 2016 election Microsoft and Google have launched free services to protect members of political organizations from phishing and malware attacks.    

VirusTotal, a company founded in southern Spanish tech hub, Malaga, was acquired by Google in 2012 before being handed off to Alphabet-owned Chronicle earlier this year. 

The website is a useful tool for malware researchers and admins who want to find out whether malicious files and documents have been detected as malicious by several popular antivirus products.     

Tags GoogleAlphabetAPT28Lojack

Show Comments