LONDON – Dozens of computer networks in Ukraine have been infected by an aggressive new cyber weapon called Snake, according to expert analysis.
The cyber weapon has been increasingly used since the start of this year, even before protests that led to the overthrow of president Viktor Yanukovych, British-based BAE Systems said in a report published Friday.
The complex composition of Snake bears similarities with Stuxnet, the malware that disrupted Iran’s nuclear facilities in 2010.
Snake — also known as Ouroboros after the serpent in Greek mythology — gives remote attackers “full remote access to the compromised system,” BAE said.
Because it can stay inactive for a number of days, it is extremely hard to detect.
Although its origins are unclear, its developers appear to operate it in the same timezone as Moscow — GMT plus four hours — and some Russian text is embedded into the code, BAE says.
BAE has identified 14 cases of Snake in Ukraine since the start of 2014, compared to eight cases in the whole of 2013. In all there have been 32 reported cases in Ukraine since 2010, out of 56 worldwide.
“Our report shows that a technically sophisticated and well-organised group has been developing and using these tools for the last eight years,” said David Garfield, the managing director of cyber security at BAE Systems Applied Intelligence.
“There is some evidence that links these tools to previous breaches connected to Russian threat actors but it is not possible to say exactly who is behind this campaign.”
Nigel Inkster, who until 2006 was the head of operations and intelligence at Britain’s MI6 foreign intelligence agency, said Russia was most likely behind the cyber-attacks on Ukraine.
“If you look at it in probabilistic terms… then the list of suspects boils down to one,” he told the Financial Times newspaper.
“Until recently the Russians have kept a low profile, but there’s no doubt in my mind that they can do the full scope of cyber attacks, from denial of service to the very, very sophisticated.”
Related Reading: ‘Snake’ Cyber-Espionage Malware Slithered Around Web for Years