
Russian spyware is hunting for military data

Experts at the German security firm G Data have discovered a highly advanced virus, presumably of Russian origin, designed to steal confidential data from computers in U.S. government organizations. The attack appears to be a continuation of an intrusion six years ago, after which it took the Pentagon 14 months to clear its network.


In 2008, one of the largest cyber attacks against the United States came to light. The action started with someone “leaving” a USB drive in a Department of Defense parking lot. The drive contained the malware Agent.btz, which infected the U.S. military network, opened back doors on the attacked machines and then leaked data through them.

Experts at G Data have now found a new, even more advanced virus and say the malware may have been active for the past three years. The spyware's code includes the name Uroburos, which comes from an ancient Greek symbol depicting a dragon biting its own tail, a reference to self-reflection and complexity. The name also appears in the Resident Evil film and video game series, as a virus its creators intend to use to change the balance of power in the world.

The extremely complex program code, the use of the Russian language, and the fact that Uroburos is not activated on computers that still have Agent.btz all suggest a well-organized action aimed at obtaining information from military networks. The virus is able to leak data from computers that are not directly connected to the Internet. To do this, it builds its own communication channels inside the network and then relays the data from machines that have no online connection to those that do connect to the World Wide Web. What makes this all the more dangerous is that in a large network it is extremely difficult to find out which online computer is stealing data from a workstation not connected to the World Wide Web and then forwarding it to the malware’s creators.
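The relay behaviour described above leaves a trace a defender can look for: an internal host that takes a large transfer from a machine that is supposed to have no Internet access and shortly afterwards pushes a comparable volume to an external address. The following is an added illustration, not code from the article or from G Data; the flow records, the assumption that 10.0.0.0/8 is the internal range, and the list of isolated hosts are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (timestamp, src, dst, bytes). Not real traffic.
FLOWS = [
    ("2014-03-01T10:00:00", "10.0.5.20", "10.0.5.7", 5_000_000),    # isolated host -> relay
    ("2014-03-01T10:01:30", "10.0.5.7", "203.0.113.10", 4_900_000), # relay -> external
    ("2014-03-01T10:02:00", "10.0.5.8", "10.0.5.7", 20_000),        # ordinary file-share chatter
    ("2014-03-01T10:05:00", "10.0.5.9", "198.51.100.5", 300_000),   # ordinary web traffic
]
# Hosts that policy says must never reach the Internet (constructed for the example).
ISOLATED = {"10.0.5.20"}
# Assumed internal address space; anything outside it counts as external.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


def is_external(ip):
    return not any(ip_address(ip) in net for net in INTERNAL_NETS)


def find_relays(flows, isolated, window=timedelta(minutes=5), ratio=0.5):
    """Flag internal hosts that receive a transfer from an isolated host and then
    send at least `ratio` of that volume to an external address within `window`."""
    parsed = [(datetime.fromisoformat(t), s, d, b) for t, s, d, b in flows]
    inbound = defaultdict(list)  # candidate relay -> [(time, bytes)] from isolated hosts
    for t, s, d, b in parsed:
        if s in isolated and not is_external(d):
            inbound[d].append((t, b))
    alerts = []
    for t, s, d, b in parsed:
        if s in inbound and is_external(d):
            for t_in, b_in in inbound[s]:
                if t_in <= t <= t_in + window and b >= ratio * b_in:
                    alerts.append({"relay": s, "external": d,
                                   "inbound_bytes": b_in, "outbound_bytes": b,
                                   "lag_s": int((t - t_in).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_relays(FLOWS, ISOLATED):
        print(alert)
```

The heuristic only works when the list of isolated hosts and the internal address space are known, so it belongs alongside network segmentation records rather than as a stand-alone signature.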

In terms of its architecture, Uroburos is a so-called rootkit made up of two files, a driver and a virtual file system. A rootkit can take control of an infected computer, execute commands, and hide system processes. Thanks to its modular design, it can be updated at any time with new features, which makes it extremely dangerous. The programming style of the driver file is complex and discreet, making it difficult to identify. Experts at G Data emphasize that creating such malware requires a serious development team and expertise, which also makes it likely that this is a targeted attack. Because the driver and the virtual file system are kept separate, the rootkit framework can only be analyzed when both are available, which makes detecting Uroburos extremely difficult. More information on the technical operation of the malware can be read on G Data's Hungarian antivirus website.

About the Author

s3nki

Owner of the HOC.hu website. He is the author of hundreds of articles and thousands of news items. In addition to various online outlets, he has written for Chip Magazine and for PC Guru. For a time he ran his own PC shop, and alongside journalism he worked for years as a store manager, service manager and system administrator.