Cyberattacks on Ukraine bear Russian hallmarks


Courtesy of BAE System Appllied Intelligence

In October, 2008, the Post’s Ellen Nakashima reported the jarring news that the Pentagon had discovered a rogue program infecting a classified network harboring some of the military’s most important secrets. Called “Agent.Btz,” it was described as the most serious breach of the U.S. military’s classified computer systems. Her story said:

The government’s top cyberwarriors couldn’t immediately tell who created the program or why, although they would come to suspect the Russian intelligence service, she wrote.

While Russia has not yet launched a military strike on Ukraine, reports over the weekend suggested that a sophisticated cyberattack using a program similar to Agent.BTZ  has been underway for at least three years, intensifying sharply in the first few months of 2014 as the country descended into chaos.

The malware is unusually menacing, according to reports, and creepy in a literal sense, because of the way it snakes its way through networks.

It’s aptly named “Ouroburos”-after a mythological Greek serpent- and “it appears that the authors speak Russian,” said a study by GData Security Labs.

The incidence of its use in Ukraine was detected by BAE Systems Applied Intelligence, which described it in a report Friday entitled “The Snake Campaign.

BAE researchers mapped a total of 56 attacks since 2010, 32 of them directed at Ukraine, with 14 of those occurring just this year.


Incidence of “Snake” attacks on particular countries. (Courtesy BAE Systems Applied Intelligence)

“What this research once more demonstrates,” said a statement by Martin Sutherland, Managing Director, BAE Systems Applied Intelligence, “is how organized and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organizations on a massive scale. Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously.”

The Financial Times’ Sam Jones,  called it “one of the most sophisticated attacks” in recent years….Experts say it is comparable in its complexity with Stuxnet, the malware that was found to have disrupted Iran’s uranium enrichment programme in 2010. Jones writes:

“The cyber weapon has been deployed most aggressively since the start of last year ahead of protests that climaxed two weeks ago with the overthrow of Viktor Yanukovich’s government. Ouroboros gives its operators unfettered access to networks for surveillance purposes. But it can also act as a highly advanced “digital beachhead” that could destroy computer networks with wide-ranging repercussions for the public.”

None of the reports or stories explained what specific damage, if any, the Snake has inflicted in Ukraine. But its potential to disrupt or cripple government and private-sector installations–from power plants to military systems-is clear.

It’s able to take control of an infected machine, execute arbitrary commands and hide system activities, according to the GData report, and “can steal information (most notably: files) and it is also able to capture network traffic.”

 

Fred Barbash, the editor of Morning Mix, is a former National Editor and London Bureau Chief for the Washington Post.
Comments
Show Comments
Most Read National
Next Story
Gail Sullivan · March 7