Cyber Espionage: Project Sauron Malware Found Stealing Sensitive Data from 30 Government Networks Worldwide after Five Years Undetected
Aug 10, 2016 10:04 AM EDT By Anita Valencia, UniversityHerald Reporter
http://www.universityherald.com/articles/36890/20160810/cyber-espionage-project-sauron-malware-found-stealing-sensitive-data-from-30-government-networks-worldwide-after-five-years-undetected.htm
The Eye of Sauron in J.R.R Tolkiens' Lord of The Rings is known for its vast far-sight. It has inspired a group of hacker who created undetected malware called Project Sauron which has been hidden in servers of many networks, stealing data for five years.A group named Strider is reportedly responsible for Project Sauron malware that hid inside the database of 30 government organizations in Rwanda, Russia and Iran. According to Kaspersky Lab, the malware was found in scientific, military, government, and financial companies in those countries. America's Symantec Corporation who also detected the malware in China and Belgium, revealed that the platform used advanced system which would not likely to happen without any active help of state-sponsored group. Project Sauron malware uses unique operations with no similar pattern Furthermore, the experts from both companies discovered that the malware has been present since 2011 at least. Crafted in Binary Large Objects, it is untrackable with an antivirus given the unique codes. Kaspersky who described the issue as 'just a tiny tip of the iceberg', stated that the creator of this malware clearly knows that experts would look for patterns. Hence, even when experts have discovered an infection, they are not likely to discover a new one due to how the software was written. How Project Sauron works Researchers explained that Project Sauron works as sleeper cells in the targeted servers. It displays no activity while waiting for the commands, Arstechnica wrote. Project Sauron can't be viewed by Windows OS. It can collect data even without any internet connection because it uses virtual system USB storage drives. Computers infected with the malware 'think' that it is an approved system. What's more impressive is that it still works even when the data-loss prevention software is installed to block unknown USB drives. Kaspersky Lab explained in Securelist website, that the malware creator has a 'high interest in communication encryption software' used by these organizations. It is able to steal encryption keys and documents of the infected computer and even from USB sticks attached to it.