
Spy agencies hit in cyber espionage campaign - Kaspersky Lab

Published 07/08/2014, 15:17
Updated 07/08/2014, 15:20

By Jim Finkle

LAS VEGAS (Reuters) - Security researchers at Kaspersky Lab said they have uncovered a cyber espionage operation that successfully penetrated two spy agencies and hundreds of government and military targets in Europe and the Middle East since the beginning of this year.

The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western intelligence sources have linked to the Russian government.

Kaspersky, a Moscow-based security software maker that also sells cyber intelligence reports, declined to say if it believed Russia was behind the espionage campaign.

Dubbed "Epic Turla," the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as "NATO," "EU energy dialogue" and "Budapest."

"We saw them stealing pretty much every document they could get their hands on," Costin Raiu, head of Kaspersky Lab's threat research team, told Reuters ahead of the release of a report on "Epic Turla" on Thursday during the Black Hat hacking conference in Las Vegas.

Kaspersky said the ongoing operation is the first cyber espionage campaign uncovered to date that managed to penetrate intelligence agencies. It declined to name those agencies, but said one was located in the Middle East and the other in the European Union.

Other victims include foreign affairs ministries and embassies, interior ministries, trade offices, military contractors and pharmaceutical companies, according to Kaspersky. It said the largest number of victims were located in France, the United States, Russia, Belarus, Germany, Romania and Poland.

Kaspersky said the hackers used a set of software tools known as "Carbon" or "Cobra," which have been deployed in at least two high-profile attacks. The first was an attack against the U.S. military's Central Command that was discovered in 2008. The second attack was against Ukraine and other nations, uncovered earlier this year, using malicious software dubbed "Snake" or "Uroburos."

Western intelligence sources told Reuters in March that they believed the Russian government was behind those two attacks. Russia's Federal Security Bureau had declined to comment at the time.

Symantec Corp, the biggest U.S. security software maker, said it also planned to release a report on "Epic Turla" and related campaigns on Thursday, following months of research. Symantec declined to say if the hackers were linked to Russia and would not name specific victims.

Many cybersecurity researchers refrain from commenting on who they believe are behind cyber attacks, saying they lack the intelligence needed to draw such conclusions.

The Kaspersky report suggests the hackers spoke Russian, though that could mean people from a number of countries. It said the control panels in software for running the "Epic Turla" campaign were set to use Russian Cyrillic characters and its code included the Russian word "Zagruzchick," which means "boot loader."

Symantec researcher Vikram Thakur said the hackers infected machines by first compromising websites that victims would likely visit, including sites of some government agencies. The software was designed to scan a computer to determine if it belonged to somebody who was of interest, such as a government employee, Thakur said.

© Reuters. An employee works near screens in the virus lab at the headquarters of Russian cyber security company Kaspersky Labs in Moscow

Once a PC was compromised, "Epic Turla" analysed the machine to see if it had data of interest to the hackers, distributing more Carbon components to further study the machine if it had such information, according to Kaspersky.

(Reporting by Jim Finkle; Editing by Tiffany Wu)
