At least 30 important organizations around the globe were targeted over the course of five years in cyber-espionage attacks, reported (in Russian) Kaspersky Lab, a Russian anti-virus software company. These targets were located in Russia, Iran, and Rwanda.
Symantec, a U.S. cyber security company, also reported that the malware was found in computers of its customers in China, Sweden, and Belgium. These attacks have been occurring since at least 2011.
The hackers were after information from governmental organizations. Kaspersky Lab said the high cost of the attacks, as well as their complexity and duration, is reason to believe that the hackers have high-level support. Symantec concurred with this analysis.
“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation-state level attacker,” Symantec said on its website.
To add more intrigue to this story, on July 30 Russia's Federal Security Service (FSB) reported (in Russian) that about 20 Russian organizations have been attacked, including government agencies and military enterprises, which “indicates the targeted character of the virus, a professionally planned and executed operation.”
Alexei Lukatsky, an information security consultant at Cisco, told RBTH this might be the same virus, although it is difficult to be certain without knowing all the details. The FSB did not mention which government might have been involved in the attacks or when the attacks took place, and it is not known exactly how the attackers penetrate networks.
The hackers utilize a unique set of tools every time, carefully avoiding the ones previously used. It's believed that more organizations were hit by these hackers than has been announced.
“Sometimes targeted attacks are carried out using cheap ready-made tools, but Project Sauron is an entirely different matter,” said Vitaly Kamluk, an anti-virus researcher at Kaspersky Lab. “In this case, cyber-criminals develop new techniques and script codes every time. One-time application of a control server and encryption keys, combined with the most cutting-edge methods of other cyber-criminal groups, is a relatively new phenomenon.”
All rights reserved by Rossiyskaya Gazeta.