The Russian government could be responsible for “Uroburos,” a highly-sophisticated piece of malware designed to steal information from organizations and nation states, according to German security firm G Data Security.
In a threat report (PDF), G Data said Uroburos is an extremely advanced rootkit, and may have avoided detection for three years or more.
According to a report by TechWeek Europe, G Data Security has deduced that the Russian government is involved based on the complexity of the malware, the presence of Cyrillic characters, and similarities (such as file names and encryption keys) to the Agent.BTZ malware attack against the US in 2008, suspected to have been the work of the Russian intelligence service.
The Uroburos rootkit consists of a driver and an encrypted virtual file system. It is able to take control of an infected machine, execute arbitrary commands, hide system activities, and steal information such as files, as well as capture network traffic.
G Data Security notes: “Its modular structure allows extending it with new features easily, which makes it not only highly sophisticated but also highly flexible and dangerous. Uroburos’ driver part is extremely complex and is designed to be very discreet and very difficult to identify.”
Infected machines communicate with each other in a peer-to-peer fashion, making it possible to infect further machines within the network, even those without Internet connectivity. This lets the attackers spy on each infected machine by relaying exfiltrated data through infected machines to a single Internet-connected machine.
The initial vectors that allow Uroburos to infiltrate high-profile networks still remain unknown, but many are conceivable, such as spear phishing, drive-by infections, USB sticks, and social engineering.
Earlier this year, the Russian government was suspected of sanctioning hacking foreign companies in an effort to give local companies an advantage over foreign competitors.
G Data Security says that Uroburos could just be the beginning of a new breed of highly sophisticated malware that will threaten countries and organizations. “The developer team behind the development and the design of such an enhanced framework is really skilled. We believe that, until today, the team behind Uroburos has developed an even more sophisticated framework, which still remains undiscovered.”