Security researchers at
The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber espionage operations that Western intelligence sources have linked to the Russian government.
Dubbed "Epic Turla", the operation stole vast quantities of data, including word processing documents, spreadsheets and e-mails, Kaspersky said, adding the malware searched for documents with terms such as "
"We saw them stealing pretty much every document they could get their hands on," Costin Raiu, head of
Kaspersky said the ongoing operation is the first cyber espionage campaign uncovered to date that managed to penetrate intelligence agencies. It declined to name those agencies, but said one was located in the
Other victims include foreign affairs ministries and embassies, interior ministries, trade offices, military contractors and pharmaceutical companies, according to Kaspersky. It said the largest number of victims were located in
Kaspersky said the hackers used a set of software tools known as "Carbon" or "Cobra", which have been deployed in at least two high-profile attacks. The first was an attack against the US military's Central Command that was discovered in 2008. The second attack was against
Western intelligence sources told Reuters in March that they believed the Russian government was behind those two attacks.
Many cyber security researchers refrain from commenting on who they believe are behind cyber attacks, saying they lack the intelligence needed to draw such conclusions.
The Kaspersky report suggests the hackers spoke Russian, though that could mean people from a number of countries. It said the control panels in software for running the "Epic Turla" campaign were set to use Russian Cyrillic characters and its code include the Russian word "Zagruzchick", which means "boot loader".
Once a PC is compromised, "Epic Turla" analysed the machine to see if it has data of interest to the hackers, distributing more Carbon components to further study the machine if it had such information, according to Kaspersky.
Most Popular Stories
- Rackspace Ends Talks About Possible Acquisition
- Mercedes Rolls Out S550 Plug-in Hybrid
- Plus-Size iPhones Live Up to The Hype
- FedEx Adding 50,000 Holiday Jobs
- Missouri GM Plant Adding 750 jobs
- Cool Features on Today's New iOS 8
- Toxic Algae Threatens Florida Fishing, Tourism
- Family Dollar Spurning Bid From Dollar General
- Kohl's Hiring 67,000 for the Holidays
- Poverty Rate Drops for First Time Since 2006