The malware, which has been used in an espionage attack since 2022, includes a capability that specifically targets the client drive mapping feature within Remote Desktop Protocol.
The Qakbot malware operators have shifted tactics again to adapt to changes in defenses.
A new RAT known as SeroXen is for sale on forums and social media platforms and has the ability to evade EDR and delivers a rootkit.
The discovery of CosmicEnergy is unique because malware families targeting industrial control systems are rarely disclosed.
Researchers said that it "is difficult to measure" the potential long-term impact of TurkoRat infections on developer systems.