Saturday, March 8, 2014

Global Impact: Sophisticated Malware Created by Russia Targets Government Computers in Europe, US

According to Reuters, a sophisticated piece of spyware allegedly designed by Russia has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs to date.

Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the US military uncovered in 2008. Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.

COMMENT: Security experts caution that while the case for saying Turla looks Russian may be strong, it is impossible to confirm those suspicions unless Moscow claims responsibility. Developers often use techniques to conceal their identity.

Public talk of the threat surfaced this week after a little-known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos. The name is from a string of text in the code that may be a reference to a Greek symbol depicting a serpent eating its own tail.

Symantec Corp. estimates up to 1,000 networks have been infected by Turla and a related virus, "Agent.BTZ." 

Hackers use the Turla spyware to establish a hidden foothold in infected networks from which they can search other computers for data, store information that is of interest to them and eventually transmit it back to their servers.

European governments have long welcomed US help against Kremlin spying, but were infuriated last year to discover the scale of surveillance by America's National Security Agency (NSA) that stretched into their own borders.

Agent.BTZ was used in a massive cyber espionage operation on US Central Command that surfaced in 2008 and is one of the most serious US breaches to date.

Finland said its Foreign Ministry computer systems had been penetrated by an attack last year but would not describe the method or say if it was related to Agent.BTZ and Turla.

Sweden's signal intelligence agency, the National Defense Radio Establishment, said attacks to gain information were "more common than people think," adding that the agency had discovered multiple attacks against authorities, governments and universities, some detected only after several years.

Researchers say that the creators of Turla have regularly updated its code, making changes to avoid detection as anti-virus companies detect new strains.