European agencies at center of cyberspying campaign
Share with others:
Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber espionage campaign targeting European diplomatic and government agencies.
Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that in terms of complexity, the malware rivals the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran. The malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active as of early January.
Rocra has been used to steal encrypted files and decryption keys used by European Union organizations and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston. The malware also can map out the internal layout of a computer network and the configuration of routers as well as hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts data it steals. It makes unique identifiers for each target to more easily catalogue the data stolen.
Rocra is not as sophisticated as Flame, which spread through Windows software updates. But Mr. Schouwenberg said it appears to be far more elegant than the "rudimentary" malware coming from China, which has been used to siphon vast amounts of proprietary data from companies and governments around the world.
Kaspersky's researchers began analyzing the malware in October and determined that it was targeting organizations mostly in Eastern Europe, but also in Central Asia, Western Europe and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies, and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the U.S.
The lab does not know who is behind the malware -- whether it is a national government, for example, or criminals looking to sell the data to a government.
First Published January 15, 2013 12:00 am