11 March 2014

PUTIN’S STUXNET MOMENT IS A CALL TO CYBER ARMS

March 7, 2014


Putin’s Stuxnet Moment: Russian Cyber Weapon Stalked U.S./Ukraine Since 2005


Techworld.com’s John Dunn is reporting this morning that “the mysterious ‘Uroburos’ cyber weapon outed last week in Germany, has been stalking its victims since as far back as 2005.” The U.K. defense/security firm BAE Systems is urging that large enterprises and governments pay serious attention to the threat it poses. BAE’s report, “Snake Campaign and Cyber Espionage Toolkit,” is attached.

The German firm G Data dubbed the new cyber virus/weapon Uroburos, while BAE’s Applied Intelligence Division calls the newly discovered cyber virus “Snake.” According to BAE Systems, “the Snake has been slithering silently around networks in the U.S. and its NATO allies, and former Soviet states for almost a decade, — stealing data, getting more complex, and modular, and remaining almost invisible.”

“To be clear, this isn’t any old malware,” says Mr. Dunn, who adds that “the Snake has been too long-lived, too targeted, too sophisticated, too evasive, and too innovative. It appears to be on par with any of the complex cyber weapons attributed to the U.S. such as Flame, first analyzed by Kaspersky Lab in 2012.”

“After several months of research,” BAE Systems, for the first time, takes what we previously understood about the Snake, and enlarges the totality of the threat this particular cyber virus poses. “BAE researchers identified the Snake 32 times in the Ukraine since 2010, 11 times in Lithuania, 4 times in the U.K. and a handful of times altogether in the U.S., Belgium, Georgia, Romania, Hungary, and Italy,” according to their report. While not totally conclusive, BAE’s research makes a compelling case that the Snake has been exclusively targeted against Western and Western-aligned countries. Mr. Dunn notes that in 2008, DoD reported something called Agent.btz in some of their systems, something BAE says was probably an earlier version of the Snake.

Clues that this cyber weapon is likely a state-sponsored Russian cyber virus include compile times that show a time offset of UTC+4 hours and Russian references found in the code. BAE says this cyber virus is “clearly not commercial malware, and would have required large government resources to invent and deploy in the manner that was discovered.” BAE also concluded that the cyber virus originated from a country whose name begins with the letter R.

“The element of attribution is always difficult,” says BAE Systems Applied Intelligence Cyber Security Managing Director, David Garfield. “It turns into conjecture, and it would be dangerous to make too many guesses. But this is a call to arms. [The malware] is highly complex. It has all the elements of a cyber espionage toolkit. It is highly serious.”


Mr. Dunn adds that BAE Systems notified the victims of this virus before publishing their research, and noted that there will still be variants of the virus present in several of these compromised networks. Mr. Dunn said that BAE Systems “does not reveal any information about the people who may have created this virus.”

“What this research once more demonstrates, is how organized and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organizations on a massive scale,” said BAE Systems Applied Intelligence Managing Director, Martin Sutherland. “Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously.”

V/R, RCP
