A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the US in one of the most complex cyberespionage programs uncovered to date.
Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the US military uncovered in 2008.
It was also linked to a previously known, massive global cyberspying operation dubbed Red October targeting diplomatic, military and nuclear research networks.
Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.
“It is sophisticated malware that’s linked to other Russian exploits, uses encryption and targets Western governments. It has Russian paw prints all over it,” said Jim Lewis, a former US foreign service officer, now senior fellow at the Center for Strategic and International Studies in Washington.
However, security experts caution that while the case for saying Turla looks Russian may be strong, it is impossible to confirm those suspicions unless Moscow claims responsibility.
Developers often use techniques to cloud their identity.
The threat surfaced this week after a little-known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos, the name text in the code that may be a reference to the Greek symbol of a serpent eating its own tail.
Experts in state-sponsored cyberattacks say that hackers backed by the Russian government are known for being highly disciplined, adept at hiding their tracks, extremely effective at maintaining control of infected networks and more selective in choosing targets than their Chinese counterparts.
“They know that most people don’t have either the technical knowledge or the fortitude to win a battle with them. When they recognize that someone is onto them, they just go dormant,” one expert who helps victims of state-sponsored hacking said.
“They can draw on some very high-grade programmers and engineers, including the many who work for organized criminal groups, but also function as privateers,” a former Western intelligence official said.
Russia’s Federal Security Bureau declined comment, as did Pentagon and US Department of Homeland Security officials.
On Friday, Britain’s BAE Systems Applied Intelligence — the cyberarm of Britain’s premier defense contractor — published its own research on the spyware, which it called “snake.”
The sheer sophistication of the software, it said, went well beyond that previously encountered — although it did not attribute blame for the attack.
“The threat ... really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyberattacks,” BAE Systems Applied Intelligence managing director Martin Sutherland said.
Security firms have been monitoring Turla for several years.
Symantec Corp estimates up to 1,000 networks have been infected by Turla and a related virus, Agent.BTZ. It named no victims, saying only that most were government computers.
BAE said it has collected more than 100 unique samples of Turla since 2010, including 32 from Ukraine, 11 from Lithuania and four from the UK. It obtained smaller numbers from other countries.
Hackers use Turla to establish a hidden foothold in infected networks from which they can search other computers, store stolen information, then transmit data back to their servers.
Chinese President Xi Jinping (習近平) is to visit Russia next month for a summit of the BRICS bloc of developing economies, Chinese Minister of Foreign Affairs Wang Yi (王毅) said on Thursday, a move that comes as Moscow and Beijing seek to counter the West’s global influence. Xi’s visit to Russia would be his second since the Kremlin sent troops into Ukraine in February 2022. China claims to take a neutral position in the conflict, but it has backed the Kremlin’s contentions that Russia’s action was provoked by the West, and it continues to supply key components needed by Moscow for
Japan scrambled fighter jets after Russian aircraft flew around the archipelago for the first time in five years, Tokyo said yesterday. From Thursday morning to afternoon, the Russian Tu-142 aircraft flew from the sea between Japan and South Korea toward the southern Okinawa region, the Japanese Ministry of Defense said in a statement. They then traveled north over the Pacific Ocean and finished their journey off the northern island of Hokkaido, it added. The planes did not enter Japanese airspace, but flew over an area subject to a territorial dispute between Japan and Russia, a ministry official said. “In response, we mobilized Air Self-Defense
CRITICISM: ‘One has to choose the lesser of two evils,’ Pope Francis said, as he criticized Trump’s anti-immigrant policies and Harris’ pro-choice position Pope Francis on Friday accused both former US president Donald Trump and US Vice President Kamala Harris of being “against life” as he returned to Rome from a 12-day tour of the Asia-Pacific region. The 87-year-old pontiff’s comments on the US presidential hopefuls came as he defied health concerns to connect with believers from the jungle of Papua New Guinea to the skyscrapers of Singapore. It was Francis’ longest trip in duration and distance since becoming head of the world’s nearly 1.4 billion Roman Catholics more than 11 years ago. Despite the marathon visit, he held a long and spirited
China would train thousands of foreign law enforcement officers to see the world order “develop in a more fair, reasonable and efficient direction,” its minister for public security has said. “We will [also] send police consultants to countries in need to conduct training to help them quickly and effectively improve their law enforcement capabilities,” Chinese Minister of Public Security Wang Xiaohong (王小洪) told an annual global security forum. Wang made the announcement in the eastern city of Lianyungang on Monday in front of law enforcement representatives from 122 countries, regions and international organizations such as Interpol. The forum is part of ongoing