A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the US in one of the most complex cyberespionage programs uncovered to date.
Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the US military uncovered in 2008.
It was also linked to a previously known, massive global cyberspying operation dubbed Red October targeting diplomatic, military and nuclear research networks.
Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.
“It is sophisticated malware that’s linked to other Russian exploits, uses encryption and targets Western governments. It has Russian paw prints all over it,” said Jim Lewis, a former US foreign service officer, now senior fellow at the Center for Strategic and International Studies in Washington.
However, security experts caution that while the case for saying Turla looks Russian may be strong, it is impossible to confirm those suspicions unless Moscow claims responsibility.
Developers often use techniques to cloud their identity.
The threat surfaced this week after a little-known German anti-virus firm, G Data, published a report on the virus, which it called Uroburos, the name text in the code that may be a reference to the Greek symbol of a serpent eating its own tail.
Experts in state-sponsored cyberattacks say that hackers backed by the Russian government are known for being highly disciplined, adept at hiding their tracks, extremely effective at maintaining control of infected networks and more selective in choosing targets than their Chinese counterparts.
“They know that most people don’t have either the technical knowledge or the fortitude to win a battle with them. When they recognize that someone is onto them, they just go dormant,” one expert who helps victims of state-sponsored hacking said.
“They can draw on some very high-grade programmers and engineers, including the many who work for organized criminal groups, but also function as privateers,” a former Western intelligence official said.
Russia’s Federal Security Bureau declined comment, as did Pentagon and US Department of Homeland Security officials.
On Friday, Britain’s BAE Systems Applied Intelligence — the cyberarm of Britain’s premier defense contractor — published its own research on the spyware, which it called “snake.”
The sheer sophistication of the software, it said, went well beyond that previously encountered — although it did not attribute blame for the attack.
“The threat ... really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyberattacks,” BAE Systems Applied Intelligence managing director Martin Sutherland said.
Security firms have been monitoring Turla for several years.
Symantec Corp estimates up to 1,000 networks have been infected by Turla and a related virus, Agent.BTZ. It named no victims, saying only that most were government computers.
BAE said it has collected more than 100 unique samples of Turla since 2010, including 32 from Ukraine, 11 from Lithuania and four from the UK. It obtained smaller numbers from other countries.
Hackers use Turla to establish a hidden foothold in infected networks from which they can search other computers, store stolen information, then transmit data back to their servers.
MONEY MATTERS: Xi was to highlight projects such as a new high-speed railway between Belgrade and Budapest, as Serbia is entirely open to Chinese trade and investment Serbian President Aleksandar Vucic yesterday said that “Taiwan is China” as he made a speech welcoming Chinese President Xi Jinping (習近平) to Belgrade, state broadcaster Radio Television of Serbia (RTS) said. “We have a clear and simple position regarding Chinese territorial integrity,” he told a crowd outside the government offices while Xi applauded him. “Yes, Taiwan is China.” Xi landed in Belgrade on Tuesday night on the second leg of his European tour, and was greeted by Vucic and most government ministers. Xi had just completed a two-day trip to France, where he held talks with French President Emmanuel Macron as the
With the midday sun blazing, an experimental orange and white F-16 fighter jet launched with a familiar roar that is a hallmark of US airpower, but the aerial combat that followed was unlike any other: This F-16 was controlled by artificial intelligence (AI), not a human pilot, and riding in the front seat was US Secretary of the Air Force Frank Kendall. AI marks one of the biggest advances in military aviation since the introduction of stealth in the early 1990s, and the US Air Force has aggressively leaned in. Even though the technology is not fully developed, the service is planning
INTERNATIONAL PROBE: Australian and US authorities were helping coordinate the investigation of the case, which follows the 2015 murder of Australian surfers in Mexico Three bodies were found in Mexico’s Baja California state, the FBI said on Friday, days after two Australians and an American went missing during a surfing trip in an area hit by cartel violence. Authorities used a pulley system to hoist what appeared to be lifeless bodies covered in mud from a shaft on a cliff high above the Pacific. “We confirm there were three individuals found deceased in Santo Tomas, Baja California,” a statement from the FBI’s office in San Diego, California, said without providing the identities of the victims. Australian brothers Jake and Callum Robinson and their American friend Jack Carter
CUSTOMS DUTIES: France’s cognac industry was closely watching the talks, fearing that an anti-dumping investigation opened by China is retaliation for trade tensions French President Emmanuel Macron yesterday hosted Chinese President Xi Jinping (習近平) at one of his beloved childhood haunts in the Pyrenees, seeking to press a message to Beijing not to support Russia’s war against Ukraine and to accept fairer trade. The first day of Xi’s state visit to France, his first to Europe since 2019, saw respectful, but sometimes robust exchanges between the two men during a succession of talks on Monday. Macron, joined initially by EU Commission President Ursula von der Leyen, urged Xi not to allow the export of any technology that could be used by Russia in its invasion