Kaspersky Lab:Intelligence agencies hit in cyber espionage campaign

Posted on August 7, 2014 05:12 pm

Russian’s Kaspersky Lab security researchers have this afternoon revealed a cyber espionage operation that infiltrated two secret service organisations and several hundreds of military and government targets in Middle East and Europe from the beginning of 2014. The Moscow-based security software vendor is well known globally for selling cyber intelligence reports. According to Kaspersky report, the hackers were likely backed by a rogue state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western secret services agent have in the past linked to Russia. Dubbed “Epic Turla,” the malware operation is said to have mined quantities of data that included word processing documents, spreadsheets and emails as well as searching documents with terms such as “NATO,” “EU energy dialogue” and “Budapest.The full report was released this afternoon at Black Hat hacking conference currently taking place in Las Vegas.

It said the largest number of victims were located in United States,France, Russia, Belarus, Germany, Romania and Poland. Kaspersky revealed that its the first ever cyber espionage campaign unearthed to date that has successfully managed to penetrate espionage agencies though the researchers have declined to name those agencies. Other victims according to Kaspersky include embassies, foreign affairs ministries, interior ministries, trade offices, military contractors and pharmaceutical companies and the hackers are said to have used a set of software tools known as “Carbon” or “Cobra.” The Kaspersky report suggests the hackers spoke Russian, though that could mean people from a number of countries. It said the control panels in software for running the “Epic Turla” campaign were set to use Russian Cyrillic characters and its code include the Russian word “Zagruzchick,” which means “boot loader.” Once a computer is compromised, “Epic Turla” analysed the machine to see if it has data of interest to the hackers, distributing more “Carbon” components to further study the machine if it had such information, according to the researchers.

Contador Harrison