Spy Agencies Hit in Cyber-Espionage Campaign: Kaspersky Lab

Advertisement
By Reuters | Updated: 7 August 2014 20:27 IST

Security researchers at Kaspersky Lab said they have uncovered a cyber-espionage operation that successfully penetrated two spy agencies and hundreds of government and military targets in Europe and the Middle East since the beginning of this year.

The hackers, according to Kaspersky, were likely backed by a nation state and used techniques and tools similar to ones employed in two other high-profile cyber-espionage operations that Western intelligence sources have linked to the Russian government.

Advertisement

Kaspersky, a Moscow-based security software maker that also sells cyber-intelligence reports, declined to say if it believed Russia was behind the espionage campaign.

Dubbed "Epic Turla," the operation stole vast quantities of data, including word processing documents, spreadsheets and emails, Kaspersky said, adding that the malware searched for documents with terms such as "NATO," "EU energy dialogue" and "Budapest."

Advertisement

(Also See: Symantec, Kaspersky Downplay Beijing Move to Exclude Their Products)

"We saw them stealing pretty much every document they could get their hands," Costin Raiu, head of Kaspersky Lab's threat research team, told Reuters ahead of the release of a report on "Epic Turla" on Thursday during the Black Hat hacking conference in Las Vegas.

Advertisement

Kaspersky said the ongoing operation is the first cyber-espionage campaign uncovered to date that managed to penetrate intelligence agencies. It declined to name those agencies, but said one was located in the Middle East and the other in the European Union.

Other victims include foreign affairs ministries and embassies, interior ministries, trade offices, military contractors and pharmaceutical companies, according to Kaspersky. It said the largest number of victims were located in France, the United States, Russia, Belarus, Germany, Romania and Poland.

Advertisement

Kaspersky said the hackers used a set of software tools known as "Carbon" or "Cobra," which have been deployed in at least two high-profile attacks. The first was an attack against the U.S. military's Central Command that was discovered in 2008. The second attack was against Ukraine and other nations, uncovered earlier this year, using malicious software dubbed "Snake" or "Uroburos."

Western intelligence sources told Reuters in March that they believed the Russian government was behind those two attacks. Russia's Federal Security Bureau had declined to comment at the time.

(Also See: Beijing to Bar Symantec, Kaspersky Anti-Virus in Procurement: Report)

Symantec Corp, the biggest U.S. security software maker, said it also planned to release a report on "Epic Turla" and related campaigns on Thursday, following months of research. Symantec declined to say if the hackers were linked to Russia and would not name specific victims.

Many cybersecurity researchers refrain from commenting on who they believe are behind cyber-attacks, saying they lack the intelligence needed to draw such conclusions.

The Kaspersky report suggests the hackers spoke Russian, though that could mean people from a number of countries. It said the control panels in software for running the "Epic Turla" campaign were set to use Russian Cyrillic characters and its code include the Russian word "Zagruzchick," which means "boot loader."

Symantec researcher Vikram Thakur said the hackers infected machines by first compromising websites that victims would likely visit, including sites of some government agencies. The software was designed to scan a computer to determine if it belonged to somebody who was of interest, such as a government employee, Thakur said.

Once a PC is compromised, "Epic Turla" analyzed the machine to see if it has data of interest to the hackers, distributing more Carbon components to further study the machine if it had such information, according to Kaspersky.

© Thomson Reuters 2014

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  2. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  3. Insomniac Games Shares New Trailer for Marvel's Wolverine
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.