BAE Systems Analyzes Snake Cyber-Espionage Campaign

BAE Systems Applied Intelligence unveiled the extent of the venomous nature of the complex cyber-espionage “Snake” operation which has been in development since 2005.

New research from BAE Systems Applied Intelligence revealed further details on how the recently disclosed Snake cyber-espionage toolkit operates. The research included descriptions of how the malware communicates, the distinctive architectures that have evolved over the years, the use of novel tricks to bypass Windows security, and how it hides from traditional defensive tools.

Comparable in complexity to the Stuxnet malware that was found to have disrupted Iran’s uranium enrichment program in 2010, Snake hit the headlines recently for its part in the Ukraine crisis.

According to widespread reports, Snake infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks in recent years. It appears Snake was deployed in Ukraine most aggressively since the start of 2013, ahead of protests that climaxed with the overthrow of Viktor Yanukovich’s government.

The origins of this attack remain unclear, but the UK’s Financial Times newspaper said the cyber weapon’s programmers appear to have developed it in a GMT+4 time zone -- which encompasses Moscow -- according to clues left in the code, parts of which also contain fragments of Russian text.

The malware has infected networks run by the Kiev government and other important organizations. Lithuanian systems have also been disproportionately hit by it.
