Unusually Advanced Malware that Hid for 5 Years! “Project Sauron”


Image: Project Sauron (Image Credit: twimg.com)
The malware is named Project Sauron after references to J.R.R. Tolkien’s dark lord were found in its code. According to security researchers, this sophisticated form of malware hid for five years at a string of organizations. A state-sponsored group may have designed it. It can disguise itself as benign files and avoids operating in predictable ways, which makes it harder to detect. Experts at Kaspersky Lab and Symantec said it allows its operators to spy on infected computers. Kaspersky first detected the malware on an unspecified “government organization” network in September last year. Since then, the firm claims to have found evidence of Project Sauron at more than 30 organizations in Russia, Iran and Rwanda. According to Kaspersky, these were generally government, scientific, military, telecoms and financial organizations. Separately, Symantec claimed it had found the malware in other countries, including at an airline in China and an embassy in Belgium.

Hidden Threat

Image: Project Sauron (Image Credit: pcquest.com)

Project Sauron can disguise itself in a wide variety of ways, for example by using file names that resemble those of operating-system vendors such as Microsoft, and it uses several different methods for sending stolen data back to the attacker.

“The attackers clearly understand that we as researchers are always looking for patterns. Remove the patterns and the operation will be harder to discover,” the company notes in its report.

According to Symantec, the malware can open a “back door”, steal files, log all keystrokes and give the attackers wide-ranging access to the affected computer.
Kaspersky’s director of threat research, Costin Raiu, said Project Sauron did not share any code with other known examples of similarly powerful malware.
“It really stands out by itself as something very, very sophisticated,” Mr. Raiu told the BBC.
Image Credit: Kaspersky Lab. Caption: Project Sauron may have been created by a state-sponsored hacker group, researchers believe.
It was also pointed out that some of the malware’s victims had been infected with other highly sophisticated malicious programs; one victim, for example, was found to have Regin spyware on its systems.
“This would suggest that the actor behind Project Sauron is perhaps different,” suggested Mr. Raiu.

USB Attack

Image: Project Sauron (Image Credit: twimg.com)

Project Sauron is sophisticated enough to steal sensitive data, such as encryption keys, from computers that are not even connected to the internet. When an infected USB drive is inserted into such a computer, a hidden cache of files on the drive can deposit the malware on the PC.
Project Sauron may have been used to steal confidential files at more than 30 organizations, claims Kaspersky Lab.
It is still not clear how the attackers would have used this method to control an air-gapped computer, but the researchers believe it might have been via a “zero day” (previously undetected) exploit that they have not yet found.
“We believe it was probably deployed in rare, hard-to-catch instances,” notes the Kaspersky report.
Cybersecurity expert Graham Cluley has characterized Project Sauron as state-sponsored-style malware. “These are very stealthy, insidious attacks that can lurk in the background for years gathering information,” he told the BBC.
“We have seen the steady progression and evolution of these sorts of attacks. As governments try to protect themselves and get clued up, it is essentially an arms race.”
