Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Ukraine’s Computers Targeted by Powerful Malware: Experts

LONDON – Dozens of computer networks in Ukraine have been infected by an aggressive new cyber weapon called Snake, according to expert analysis.

LONDON – Dozens of computer networks in Ukraine have been infected by an aggressive new cyber weapon called Snake, according to expert analysis.

The cyber weapon has been increasingly used since the start of this year, even before protests that led to the overthrow of president Viktor Yanukovych, British-based BAE Systems said in a report published Friday.

The complex composition of Snake bears similarities with Stuxnet, the malware that disrupted Iran’s nuclear facilities in 2010.

Snake — also known as Ouroboros after the serpent in Greek mythology — gives remote attackers “full remote access to the compromised system,” BAE said.

Because it can stay inactive for a number of days, it is extremely hard to detect.

Although its origins are unclear, its developers appear to operate it in the same timezone as Moscow — GMT plus four hours — and some Russian text is embedded into the code, BAE says.

BAE has identified 14 cases of Snake in Ukraine since the start of 2014, compared to eight cases in the whole of 2013. In all there have been 32 reported cases in Ukraine since 2010, out of 56 worldwide.

“Our report shows that a technically sophisticated and well-organised group has been developing and using these tools for the last eight years,” said David Garfield, the managing director of cyber security at BAE Systems Applied Intelligence.

“There is some evidence that links these tools to previous breaches connected to Russian threat actors but it is not possible to say exactly who is behind this campaign.”

Nigel Inkster, who until 2006 was the head of operations and intelligence at Britain’s MI6 foreign intelligence agency, said Russia was most likely behind the cyber-attacks on Ukraine.

“If you look at it in probabilistic terms… then the list of suspects boils down to one,” he told the Financial Times newspaper.

“Until recently the Russians have kept a low profile, but there’s no doubt in my mind that they can do the full scope of cyber attacks, from denial of service to the very, very sophisticated.”

Related Reading: ‘Snake’ Cyber-Espionage Malware Slithered Around Web for Years

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.