IT security companies Kaspersky and Symantec announced they have uncovered a powerful new cyberespionage program this week.
Known as “project Sauron”, it’s thought to have been in place since 2011.
In a report published this week, Russian company Kaspersky revealed they had detected an abnormally high amount of data traffic over a government organisation’s network last September. This was due to a program installed on a network control server. The software is thought to have got access to sensitive data.
Kaspersky said that at the moment, it is difficult to know where the software came from. American company Symantec have said the targets were “mainly organisations or people with links to National Intelligence services”.
Known as “project Sauron”, it was named after an evil character from the well-known novel ‘Lord of the Rings’. Lord of the Rings was written by British author J.R.R. Tolkien. The program is a “technically sophisticated modular cyberespionage platform, designed for long-term use”, Kaspersky wrote in its report.
According to early data acquired by Kaspersky, the program mainly hit Russia, Iran, Rwanda, and Italy. Symantec has also added China, Belgium and Sweden to the list.
The software was found on key-systems networks in the countries concerned. The networks are used by governmental, financial, military and scientific research institutions. Sauron can see what is typed on a keyboard, and steal documents and encryption keys. It can also steal data using an infected USB key.
The software is thought to have been installed in June 2011. It could not be detected earlier as it can adapt its form to the network it is attacking (the files its uses to install itself can have different names and be different sizes). Most spy software cannot do this, which is why it was not found until now.