The political tension between Russia and the USA is mounting, and the latest cyberweapon revelation is not going to help calm relations. German security firm G-Data has exposed Uroburos, a sophisticated and complex rootkit that has been infiltrating US-related targets for more than 3 years.
Uroburos has also been analyzed and broken down by the same German research lab. The source code contains comments written in Russian, which suggests that the Russian government is probably behind the espionage software.
Another reason to believe that this is the work of a heavily funded department from Russia is the complexity of the framework. The design is highly professional and the developer team responsible for the toolkit has produced a sophisticated product.
Uroburos consists of two files: a driver and an encrypted virtual file system. Once injected into a system, the rootkit is capable of capturing network traffic, harvesting data and stealing files from the infected computer. Uroburos works in peer-to-peer mode, meaning that infected machines can spread the infection to other computers on the network.
This cyberweapon was designed to target large institutions, government infrastructures and other high-profile targets. The oldest driver identified was compiled back in 2011, which points to its effectiveness and stealthiness. It's safe to assume that the Russian espionage agencies have more versions of this malware in the pipeline.
CISOs and InfoSec executives must adopt a proactive approach to counter malicious rootkits that are capable of contaminating entire networks and harvesting sensitive information.
Information security has become a tedious job, with cyberattacks coming from all directions and in various shapes. Uroburos is a reminder that not all malware and viruses are easy to detect and eradicate. Infosec experts should always have capable anti-rootkit software in their arsenal. Digital espionage is a reality that has to be dealt with smartly.
Source – Uroburos Research Study