Major cybercriminals unearthed by cybersecurity experts

Aug 12 2016

RIR

New virus for government

Panthermedia / Vostock-photo

Kaspersky Lab, a Russian developer of anti-virus software, and the American company Symantec have simultaneously reported that a group of hackers called ‘Strider’ or Project Sauron attack government and army facilities, research centres and telecommunication operators in Russia and other countries.

At least 30 strategically important organizations have already suffered from the cybercriminal group's attacks, Kaspersky Lab said in a report . These include facilities in Russia, Iran, Rwanda, and "perhaps some Italian-speaking countries."

Earlier, Symantec said (http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets) it found the virus in the computers of its customers in China and Belgium.

‘Project Sauron’ has been active since at least 2011, researchers from Symantec say. The campaign’s ultimate goal is the theft of information from governmental organizations, experts say. According to Kaspersky Lab researchers, the high cost, complexity and duration of the attacks give grounds to assume that the attackers have support at the government level.

"Unfortunately, there is little specificity so far to suggest who exactly is behind the attack," Alexei Lukatsky, an information security consultant at Cisco, told RIR. "In late July, Russia's Federal Security Service reported that organizations on the Russian soil were hit. Judging by the description, this is the same virus, although it is difficult to talk about it with certainty without details," Lukatsky said.

According to the FSB, around 20 organizations have been attacked, including government agencies and enterprises of the military-industrial complex.

This "indicates the targeted character of the spread of the virus, a professionally planned and executed operation," the FSB said in its report.

The report did not mention the government of which country might have been involved in the attacks. It is not known how exactly the attackers penetrate networks: they employ a unique set of tools every time, while carefully avoiding the ones they have used before. It is most likely that many more organizations have been affected by the attacks.

"Sometimes targeted attacks are carried out using cheap ready-made tools, but ‘Project Sauron’ is an entirely different matter," said Vitaly Kamluk, an anti-virus researcher at Kaspersky Lab. "In this case, cybercriminals develop new techniques and script codes every time. The strategy of a one-time application of unique tools such as a control server and encryption keys, combined with the most cutting-edge methods of other cybercriminal groups is a relatively new phenomenon."

kaspersky attacks RIR Technology