Researchers Uncover Advanced Cyber-Espionage Malware
Cernescu Andrei / 4 years ago
Malware can be easy to spot sometimes, but other times it can be incredibly elusive, especially it was put together by government-sponsored hacking groups. A good example is the Stuxnet worm, which was allegedly created by the US and Israel in order to infect Iran’s nuclear program, or this impressive piece of malware that managed to operate under the radar for about five years. Named “ProjectSauron,” “Strider,” or “Remsec,” this new malware type has been uncovered recently by Symantec and Kaspersky, and it might have been used for state-sponsored attacks on 36 computers across at least seven organizations since 2011.
Some of its most noteworthy targets include a Chinese airline, several Russian individuals, an organization in Sweden, and an embassy in Belgium. It also targeted telecommunications companies, military installations, financial institutions and scientific research centers, which means that few computers were actually safe from it. The reason why the malware managed to remain hidden for five years is that it was designed to avoid the usual patterns that security experts look for. It was finally discovered when an unnamed government organization asked Kaspersky to investigate weird behaviors in its network traffic.
ProjectSauron can even move across air-gapped computers and is able to collect cryptographic keys, IP addresses, configuration files, and passwords, all of which are stored in a USB drive that’s seen as approved by Windows. Both Kaspersky and Symantec said that this kind of complexity suggests that the malware was created by specialist teams and that it must have required millions of dollars in order to operate.