2014-08-07
LAS VEGAS, Aug 7 - Security researchers at
Kaspersky Lab said they have uncovered a cyber espionage
operation that successfully penetrated two spy agencies and
hundreds of government and military targets in Europe and the
Middle East since the beginning of this year.
The hackers, according to Kaspersky, were likely backed by a
nation state and used techniques and tools similar to ones
employed in two other high-profile cyber espionage operations
that Western intelligence sources have linked to the Russian
government.
Kaspersky, a Moscow-based security software maker that also
sells cyber intelligence reports, declined to say if it believed
Russia was behind the espionage campaign.
Dubbed "Epic Turla," the operation stole vast quantities of
data, including word processing documents, spreadsheets and
emails, Kaspersky said, adding that the malware searched for
documents with terms such as "NATO," "EU energy dialogue" and
"Budapest."
"We saw them stealing pretty much every document they could
get their hands on," Costin Raiu, head of Kaspersky Lab's threat
research team, told Reuters ahead of the release of a report on
"Epic Turla" on Thursday during the Black Hat hacking conference
in Las Vegas.
Kaspersky said the ongoing operation is the first cyber
espionage campaign uncovered to date that managed to penetrate
intelligence agencies. It declined to name those agencies, but
said one was located in the Middle East and the other in the
European Union.
Other victims include foreign affairs ministries and
embassies, interior ministries, trade offices, military
contractors and pharmaceutical companies, according to
Kaspersky. It said the largest number of victims were located in
France, the United States, Russia, Belarus, Germany, Romania and
Poland.
Kaspersky said the hackers used a set of software tools
known as "Carbon" or "Cobra," which have been deployed in at
least two high-profile attacks. The first was an attack against
the U.S. military's Central Command that was discovered in 2008.
The second attack was against Ukraine and other nations,
uncovered earlier this year, using malicious software dubbed
"Snake" or "Uroburos."
Western intelligence sources told Reuters in March that they
believed the Russian government was behind those two attacks.
Russia's Federal Security Bureau had declined to comment at the
time.
Symantec Corp, the biggest U.S. security software
maker, said it also planned to release a report on "Epic Turla"
and related campaigns on Thursday, following months of research.
Symantec declined to say if the hackers were linked to Russia
and would not name specific victims.
Many cybersecurity researchers refrain from commenting on
who they believe are behind cyber attacks, saying they lack the
intelligence needed to draw such conclusions.
The Kaspersky report suggests the hackers spoke Russian,
though that could mean people from a number of countries. It
said the control panels in software for running the "Epic Turla"
campaign were set to use Russian Cyrillic characters and its
code includes the Russian word "Zagruzchick," which means "boot
loader."
Symantec researcher Vikram Thakur said the hackers infected
machines by first compromising websites that victims would
likely visit, including sites of some government agencies. The
software was designed to scan a computer to determine if it
belonged to somebody who was of interest, such as a government
employee, Thakur said.
Once a PC was compromised, "Epic Turla" analyzed the machine
to see if it had data of interest to the hackers, distributing
more Carbon components to further study the machine if it had
such information, according to Kaspersky.
(Reporting by Jim Finkle; Editing by Tiffany Wu)