An aggressive cyber weapon called Snake has infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks of recent years.
Also known as Ouroboros, after the serpent of Greek mythology that swallowed its own tail, experts say it is comparable in its complexity with Stuxnet, the malware that was found to have disrupted Iran’s uranium enrichment programme in 2010.
The origins of Ouroboros remain unclear, but its programmers appear to have developed it in a GMT+4 timezone – which encompasses Moscow – according to clues left in the code, parts of which also contain fragments of Russian text. It is believed to be an upgrade of the Agent.BTZ attack that penetrated US military systems in 2008.
Ըստ Symantec֊ի, զոհերը նաեւ Հայաստանում են եղել ֊ այստեղի դեսպանատները
While infections initially appeared to be spread over a range of European countries, closer analysis revealed that many infections in Western Europe occurred on computers that were connected to private government networks of former Eastern Bloc countries. These infections appear to have transpired in the embassies of these countries.
Analysis of infections revealed that the attackers were heavily focused on a small number of countries. For example, in May of 2012, the office of the prime minister of a former Soviet Union member country was infected. This infection spread rapidly and up to 60 computers at the prime minister’s office were compromised.
Another attack saw a computer at the embassy to France of a second former Soviet Union member infected in late 2012. During 2013, infections began to spread to other computers linked to the network of this country’s ministry of foreign affairs. In addition, its ministry of internal affairs was also infected. Further investigation uncovered a systematic spying campaign targeted at its diplomatic service. Infections were discovered at embassies in Belgium, Ukraine, China, Jordan, Greece, Kazakhstan, Armenia, Poland, and Germany.
At least five other countries in the region were targeted by similar attacks. While the attackers have largely focused on the former Eastern Bloc, a number of other targets were also found. These included the ministry for health of a Western European country, the ministry for education of a Central American country, a state electrical authority in the Middle East, and a medical organization in the US.
Kaspersky լաբորատորիան իրա տվյալներով ուրիշ երկներ է տալիս որպես թիրախ
В течение последних 10 месяцев эксперты «Лаборатории Касперского» осуществляют анализ крупномасштабной кампании по кибершпионажу, которой мы присвоили название «Epic Turla». Злоумышленникам, организовавшим эту кампанию, удалось заразить несколько сотен компьютеров в более чем 45 странах мира, принадлежащих, в частности, государственным учреждениям, посольствам, военным, исследовательским центрам и фармацевтическим компаниям.