Aside from protesters who wanted to kick out President Viktor Yanukovych of Ukraine, there was also turmoil in its corner of cyberspace. A new report has revealed that computer networks in the country were attacked by malware known as Snake.
Cybersecurity and communication intelligence firm BAE Systems has released a report that uncovered a minimum of 22 well-funded, massive, and aggressive cyber attacks against dozens of computer systems in Ukraine since January last year. The cyber espionage tool was engineered to gain access to, remotely control, and steal data from large organizations.
"Its design suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation. Most notable is the trick used by the developers to load unsigned malware in 64-bit Windows machines, by-passing a fundamental element of Windows security," BAE Systems said in a statement.
"Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously," it added.
The report [registration required] released Friday by BAE does not directly point to Russia but pinpoints the origin to the GMT+4 time zone, where Russia is. The experts were also able to spot some Russian characters in its code.
Snake, also referred to by the old Greek term uroburos, meaning serpent, is nothing new. There have been versions of the spying tool kit since 2005, but the complexity of the one used in Ukraine suggests that it has targeted government entities. The country has been a favorite victim of the venomous espionage software. Since 2010, there have been 32 cases reported in the country, 14 of which occurred just at the start of 2014. There have also been cases of Snake cyber attacks in Belgium, Georgia, Britain, and Lithuania, among others.
The Snake rootkit is a newer version of what has been known in the cybersecurity community as Agent.BTZ. The United States has also been attacked before by similar malware, in 2008 and 2011.
Long-running malware is not new. Of late, Kaspersky unmasked Careto, which can be used to analyze traffic over Wi-Fi, intercept traffic over a network, take note of keystrokes, and collect files from infected computers, among others. Russia and China were prime suspects, with the suspected maker of the malware believed to be of Spanish origin.
A new study has also analyzed the perfect timing for such cyber attacks. The study looked into famous malware that has been used by different governments to spy on and operate against other countries.
While the report is inconclusive, the Russian aggressiveness in Crimea that has sparked global concern has raised a common question about the Snake malware: "Who Put-in there?"