Sandworm

Tuesday, October 14th, 2014

The Russians have been spying on foreign powers — shocking, I know — using software that researchers have dubbed Sandworm:

Although iSight only has a small view of the number of victims targeted in the campaign, the victims include among others, the North Atlantic Treaty Organization, Ukrainian and European Union governments, energy and telecommunications firms, defense companies, as well as at least one academic in the US who was singled out for his focus on Ukrainian issues. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders from Europe and elsewhere each year.

It appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region. But it also attempts to steal SSL keys and code-signing certificates, which iSight says the attackers probably use to further their campaign and breach other systems.

The researchers dubbed the operation “Sandworm” because the attackers make multiple references to the science fiction series Dune in their code. [...] It was encoded references to Dune — which appear in URLs for the attackers’ command-and-control servers — that helped tie some of the attacks together. The URLs include base64 strings that when decoded translate to “arrakis02,” “houseatreides94,” and “epsiloneridani0,” among others.

“Some of the references were very obscure so whoever was writing the malware was a big Dune geek,” says John Hultquist, senior manager for iSight’s Cyber Espionage Threat Intelligence team.

“Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.”
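The article's observation that base64 strings in command-and-control URLs tied separate attacks together can be turned into a log-hunting check. The sketch below is an added example, not code from iSight or from the original post: the sample URLs and hosts are constructed, and the "short lowercase tag" pattern is an assumption based only on the three decoded strings quoted above.

```python
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Decoded identifiers named in the article quoted above.
KNOWN_TAGS = {"arrakis02", "houseatreides94", "epsiloneridani0"}

B64_TOKEN = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")  # standard or URL-safe alphabet
READABLE = re.compile(r"^[a-z0-9]{6,}$")                # short lowercase tag (assumption)


def decode_token(token):
    """Return the decoded tag if token is base64 of a short readable string, else None."""
    if not B64_TOKEN.match(token):
        return None
    body = token.rstrip("=").translate(str.maketrans("-_", "+/"))
    body += "=" * (-len(body) % 4)  # restore padding that URLs often drop
    try:
        text = base64.b64decode(body, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if READABLE.match(text) else None


def cluster_by_tag(urls):
    """Map each decoded tag to the sorted hosts whose URLs carried it."""
    hosts = defaultdict(set)
    for url in urls:
        parts = urlsplit(url)
        tokens = parts.path.split("/") + [v for _, v in parse_qsl(parts.query)]
        for tag in filter(None, map(decode_token, tokens)):
            hosts[tag].add(parts.hostname)
    return {tag: sorted(h) for tag, h in hosts.items()}


def _b64(tag):
    return base64.b64encode(tag.encode()).decode()


# Constructed sample proxy-log URLs; hosts and paths are invented for illustration.
SAMPLE_URLS = [
    f"http://update.example.test/{_b64('arrakis02')}/check.php",
    f"http://cdn.example.test/gate?id={_b64('houseatreides94')}",
    f"http://mirror.example.net/{_b64('arrakis02')}/index.php",
    "http://intranet.example.org/news/index.php?page=2",
]

if __name__ == "__main__":
    for tag, hosts in cluster_by_tag(SAMPLE_URLS).items():
        print(tag, "known" if tag in KNOWN_TAGS else "new", hosts)
```

Two unrelated hosts sharing one decoded tag is the kind of link the researchers describe; tags outside KNOWN_TAGS are only candidates and need manual review.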

Comments

  1. Bert E. says:

    Forget about all that NSA spying on you stuff. The SVR and GRU probably have even much more extensive programs of such invasive computer espionage and directed against almost anyone anywhere.

  2. Toddy Cat says:

    I have no doubt that this is true. However, the Russian Government is in no position to do anything to me at this time, nor do I have any reason to believe that they would want to. The NSA…. well…..
