The Snake espionage campaign is not your ordinary cyber attack; it’s a detailed and complex cyber campaign.
Getting to the bottom of the cyber program, BAE Systems wrote a white paper detailing Snake, which has been in development since at least 2005.
Last week, German security company G Data published a report on Uroburos, an espionage rootkit they said ended up created and utilized by a Russian intelligence agency. BAE says Uroburos is only one component of a major project.
The 2008 attacks against U.S. networks, the ones that involved a piece of malware dubbed Agent.BTZ, are a part of this campaign, researchers said. The latest variants of Agent.BTZ are much more complex, but they still share similarities with the original threat.
Last year, the malware ended up spotted 8 times in Ukraine, 9 times in Lithuania, 4 times in the UK, 2 times in the U.S. and once in Romania.
Two of the samples analyzed by researchers ended up discovered in late January, which may mean the campaign is still active. There were 14 infections found this year in Ukraine.
The malware authors have used various names to identify different components of the project. In addition to “snake” and “uroburos,” experts have also seen “snark” and “sengoku.”
While this latest research paper doesn’t mention anything about a Russian intelligence agency being behind the cyber espionage operation, researchers did say the malware developers work just like any other professional, from Monday to Friday, from 9 a.m. to 6 p.m.
“What this research once more demonstrates, is how organized and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organizations on a massive scale,” said Martin Sutherland, managing director at BAE Systems Applied Intelligence.
“Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously,” Sutherland said.
“As the Snake research clearly illustrates, the challenge of keeping confidential information safe will continue for many years to come.”
The complete report on the Snake campaign is available on BAE Systems’ website.