The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western intelligence sources have linked to the Russian government.
Kaspersky, a Moscow-based security software maker that also sells cyber intelligence reports, declined to say if it believed Russia was behind the espionage campaign.
Dubbed “Epic Turla,” the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as “NATO,” “EU energy dialogue” and “Budapest.”
“We saw them stealing pretty much every document they could get their hands on,” Costin Raiu, head of Kaspersky Lab’s threat research team, told Reuters ahead of the release of a report on “Epic Turla” on Thursday during the Black Hat hacking conference in Las Vegas.
Kaspersky said the ongoing operation is the first cyber espionage campaign uncovered to date that managed to penetrate intelligence agencies. It declined to name those agencies, but said one was located in the Middle East and the other in the European Union.
Other victims include foreign affairs ministries and embassies, interior ministries, trade offices, military contractors and pharmaceutical companies, according to Kaspersky. It said the largest number of victims were located in France, the United States, Russia, Belarus, Germany, Romania and Poland.
The Kaspersky report suggests the hackers spoke Russian, though that could mean people from a number of countries. It said the control panels in software for running the “Epic Turla” campaign were set to use Russian Cyrillic characters and its code included the Russian word “Zagruzchick,” which means “boot loader.”
Symantec researcher Vikram Thakur said the hackers infected machines by first compromising websites that victims would likely visit, including sites of some government agencies. The software was designed to scan a computer to determine if it belonged to somebody who was of interest, such as a government employee, Thakur said.
Full article: Spy agencies hit in cyber espionage campaign: Kaspersky Lab (Reuters)