A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the US in one of the most complex cyberespionage programs uncovered to date.
Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the US military uncovered in 2008.
It was also linked to a previously known, massive global cyberspying operation dubbed Red October targeting diplomatic, military and nuclear research networks.
Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.
“It is sophisticated malware that’s linked to other Russian exploits, uses encryption and targets Western governments. It has Russian paw prints all over it,” said Jim Lewis, a former US foreign service officer, now senior fellow at the Center for Strategic and International Studies in Washington.
However, security experts caution that while the case for saying Turla looks Russian may be strong, it is impossible to confirm those suspicions unless Moscow claims responsibility.
Developers often use techniques to cloud their identity.
The threat surfaced this week after a little-known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos, a name that appears in text in the code and may be a reference to the Greek symbol of a serpent eating its own tail.
Experts in state-sponsored cyberattacks say that hackers backed by the Russian government are known for being highly disciplined, adept at hiding their tracks, extremely effective at maintaining control of infected networks and more selective in choosing targets than their Chinese counterparts.
“They know that most people don’t have either the technical knowledge or the fortitude to win a battle with them. When they recognize that someone is onto them, they just go dormant,” one expert who helps victims of state-sponsored hacking said.
“They can draw on some very high-grade programmers and engineers, including the many who work for organized criminal groups, but also function as privateers,” a former Western intelligence official said.
Russia’s Federal Security Bureau declined to comment, as did Pentagon and US Department of Homeland Security officials.
On Friday, Britain’s BAE Systems Applied Intelligence — the cyberarm of Britain’s premier defense contractor — published its own research on the spyware, which it called “snake.”
The sheer sophistication of the software, it said, went well beyond that previously encountered — although it did not attribute blame for the attack.
“The threat ... really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyberattacks,” BAE Systems Applied Intelligence managing director Martin Sutherland said.
Security firms have been monitoring Turla for several years.
Symantec Corp estimates up to 1,000 networks have been infected by Turla and a related virus, Agent.BTZ. It named no victims, saying only that most were government computers.
BAE said it has collected more than 100 unique samples of Turla since 2010, including 32 from Ukraine, 11 from Lithuania and four from the UK. It obtained smaller numbers from other countries.
Hackers use Turla to establish a hidden foothold in infected networks from which they can search other computers, store stolen information, then transmit data back to their servers.