Researchers discover advanced cyber-espionage malware

Both Kaspersky and Symantec have unearthed a new type of malware so advanced, they believe it could have links to a country’s intelligence agency. They’re calling it “Remsec,” “Strider” (Aragorn’s nickname in LOTR) and “ProjectSauron,” because it has several references to the Necromancer in Tolkien’s series. According to Symantec, it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world since 2011. Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium. Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.

ProjectSauron has been active since at least 2011, but it was only unearthed recently because it was designed not to use patterns security experts usually look for when hunting for malware. Kaspersky only discovered its existence when it was asked by an unnamed government organization to investigate something weird going on with its network traffic.

The malware can move across a network, even across air-gapped computers that are supposed to be more secure than typical setups, to siphon passwords, cryptographic keys, IP addresses, configuration files and other data off computers. It then stores all that information on a USB drive that Windows recognizes as an approved device. Both security companies believe its development required the involvement of specialist teams and that it costs millions of dollars to operate.

They didn’t name a government in particular, but they noted that the malware took cues from older tools used for state-sponsored attacks, including Flamer, which has been linked to Stuxnet in the past. As you might know, the Stuxnet worm, widely believed to be the joint creation of the US and Israel, infected Iran’s nuclear program computers in the mid-2000s.

Via: Ars Technica

Source: Symantec, Reuters, Kaspersky

Source: Engadget

Author: Daily Tech Whip
