Researchers crack advanced malware that hid for 5 years


Post by Pigeon » Tue Aug 09, 2016 1:54 am


Sauron

Researchers crack open unusually advanced malware that hid for 5 years

Espionage platform with more than 50 modules was almost certainly state sponsored.

"Once installed, the main Project Sauron modules start working as 'sleeper cells,' displaying no activity of their own and waiting for 'wake-up' commands in the incoming network traffic," Kaspersky researchers wrote in a separate blog post. "This method of operation ensures Project Sauron’s extended persistence on the servers of targeted organizations."

Kaspersky researchers said they discovered the malware last September after a customer at an unidentified government organization hired them to investigate anomalous network traffic. They eventually unearthed a "strange" executable program library that was loaded into the memory of one of the customer's domain controller servers. The library was masquerading as a Windows password filter, which is something administrators typically use to ensure passwords match specific requirements for length and complexity. The module started every time a network or local user logged in or changed a password, and it was able to view passcodes in plaintext.

The main purpose of the malware platform was to obtain passwords, cryptographic keys, configuration files, and IP addresses of the key servers related to any encryption software that was in use. Infected groups include government agencies, scientific research centers, military organizations, telecommunication providers, and financial institutions in Russia, Iran, Rwanda, China, Sweden, Belgium, and possibly in Italian-speaking countries.

Kaspersky researchers estimate that development and operation of the Sauron malware is likely to have required several specialist teams and a budget in the millions of dollars. The researchers went on to speculate that the project was funded by a nation state, but they stopped short of saying which one.

Link
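A defender's check for the password-filter technique described in the article above, added here as an example and not part of the original post or Kaspersky's report: it lists the packages registered in the LSA `Notification Packages` registry value (where Windows password filters are registered) and flags any that are not in an expected baseline. The `$Baseline` default and the report layout are assumptions to adjust for your own build.

```powershell
# Added example: audit LSA notification packages (password filters) on this host.
# Assumption: $Baseline lists the packages your server build is known to ship
# with; 'scecli' and 'rassfm' are the usual Windows Server defaults.
param(
    [string[]]$Baseline = @('scecli', 'rassfm')
)

$lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valueName  = 'Notification Packages'
$registered = (Get-ItemProperty -Path $lsaKey -Name $valueName).$valueName

$report = foreach ($name in ($registered | Where-Object { $_ })) {
    # The registry value normally holds the DLL name without its extension;
    # LSA loads the matching DLL from System32.
    $dll    = Join-Path $env:SystemRoot "System32\$name.dll"
    $exists = Test-Path -LiteralPath $dll
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $dll } else { $null }

    [pscustomobject]@{
        Package    = $name
        InBaseline = $Baseline -contains $name   # case-insensitive match
        DllPresent = $exists
        # Shown for triage only: older PowerShell versions can report
        # catalog-signed system files as NotSigned.
        Signature  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256     = if ($exists) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash } else { '' }
    }
}

$report | Format-List

$unexpected = @($report | Where-Object { -not $_.InBaseline })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Packages not in baseline: " + ($unexpected.Package -join ', '))
} else {
    Write-Output 'All registered notification packages match the baseline.'
}
```

Run it on each domain controller and keep the output with the host's build record, so that a later change to the value stands out.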


Post by Royal » Tue Aug 09, 2016 2:10 am

Wondering how many advanced institutions discover it and retool it without saying a word.


Post by Pigeon » Tue Aug 09, 2016 11:10 pm

More than one... :)
