Defence contractor BAE Systems has analysed how the recently disclosed ‘Snake’ cyber espionage toolkit operates, finding that its authors are likely to be “committed and well-funded professionals”.
BAE’s research follows a report last week from a German security company that exposed the ‘Snake’ operation, which until then had been a secretive but persistent threat.
It found that the malware had been in development since at least 2005 – much earlier than first thought – and that the threat has been seen mainly in Eastern Europe, but also in the US, the UK and other Western European countries.
The operation was previously called Agent.BTZ, coming to the surface in 2008 when US Department of Defense sources said that its classified networks had been breached by an early form of the virus. It has since been developed, BAE said, with many advanced features that make it even more resilient than before.
“Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously,” said Martin Sutherland, BAE Systems’ applied intelligence managing director.
BAE explained that the threat’s resilience was a result of the way it had been designed.
“The resilience of the Snake malware in the face of cyber security counter measures is in part a result of its kernel-centric architecture, which is extraordinary in its complexity,” BAE said.
“Its design suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation. Most notable is the trick used by the developers to load unsigned malware in 64-bit Windows machines, by-passing a fundamental element of Windows security,” it added.
Sutherland explained that the research showed how organised and well-funded attackers are using highly sophisticated tools and techniques to target organisations “on a massive scale”, and said he hoped the research would help firms to better understand the threat to ensure they can combat it. “The threat described in this report really does raise the bar in terms of what potential targets, and the security community in general, have to do to keep ahead of cyber attackers.
“The challenge of keeping confidential information safe will continue for many years to come,” he claimed.