Security researchers have detected a highly advanced, five-year-old piece of malware that has been secretly targeting governments, militaries, telecoms companies and scientific research centers.
It’s highly likely to be built by a nation-state, given its level of sophistication, and its targets have included organizations in Russia, Iran and Rwanda. It’s called Sauron, Business Insider reported. Security firm Kasperspy has put out a new report detailing the malware, which it first detected in September 2015.
The company is calling it “ProjectSauron,” based on a string of code that uses the name “Sauron”—better known as the malevolent entity responsible for forging the Ring of Doom in his efforts to conquer Middle-Earth in J.R.R. Tolkien’s “The Lord of the Rings.”
ProjectSauron is extremely advanced, drawing lessons from other government-created malware and even the traces it leaves behind change from target to target to prevent people from noticing patterns and creating a defense wall against it.
The malware, Kaspersky said, is focused on intelligence-gathering: It is “dedicated to just a few countries, focused on collecting high value intelligence by compromising almost all key entities it could possibly reach within the target area”. More than 30 organizations were compromised in Russia, Iran and Rwanda—but “many more organizations and geographies are likely to be affected”.
Organizations targeted included governments, scientific research centers, militaries, telecommunications providers and finance institutions. One of ProjectSauron’s objectives is to gather info on its targets’ encryption software—used to encode highly confidential and classified data.
“ProjectSauron has high interest in communication encryption software widely used by targeted governmental organizations. It steals encryption keys, configuration files and IP addresses of the key infrastructure servers related to the software,” Kaspersky said.