Kaspersky Lab Reveals a Look Inside Cyber-Espionage
By Dan Heilman / NewsFactor Network

Where do cyberattacks come from, and what is their methodology? New research from Kaspersky Lab sheds light on those common questions, using a cyber-espionage operation as an example. Researchers at Kaspersky say they've kept tabs on an operation that was able to find its way into two spy agencies and hundreds of government and military targets in Europe and the Middle East over the past eight months.

The espionage operation, Epic Turla, is one of the most sophisticated ongoing cyber-espionage campaigns. The "Epic" project portion of Turla has been used since at least 2012, when it was first discovered, with the highest volume of activity observed in January-February 2014, according to Kaspersky.

Kaspersky Lab, based in Moscow, issued a report Thursday on Epic Turla at the Black Hat security conference in Las Vegas. Symantec Corp., the biggest U.S. security software maker, also planned to issue a report on Epic Turla at the conference.

Spyware Building Blocks

According to the cybersecurity researchers, the malware components of Turla are used in stages, and break down this way:

  • Epic Turla/Tavdig: An early-stage infection mechanism.
  • Cobra Carbon system/Pfinet (plus others): Intermediary upgrades and communication plug-ins, used to determine whether the target computer has information worth gathering.
  • Snake/Uroburos: High-grade malware platform that includes a rootkit and virtual file systems.

Most of Epic's targets are embassies, military, research and education organizations, pharmaceutical companies, and government entities. The latter category includes intelligence agencies along with ministries of interior, trade and commerce, and foreign/external affairs.

A majority of Epic's victims are in the Middle East and Europe. But Kaspersky also observed victims in other regions, including the United States. Kaspersky's experts counted hundreds of victim IP addresses in more than 45 countries, with France having the greatest number.

Breaches Discovered 'Almost Every Day'

We reached out to Kurt Baumgartner, principal security researcher at Kaspersky Lab, and asked him how well prepared U.S. organizations and agencies are for Epic Turla, considering that most of the attacks have been in other countries.

"It depends on the organization," Baumgartner told us. "We see stories almost every day about one breach or another. Some know very well not only what resources are on their network, but patch them well by monitoring traffic closely, etc."

How do the people behind Epic Turla go about their attacks? Mostly via zero-day exploits, social engineering (such as e-mail phishing) and "watering hole" techniques, in which attackers compromise a popular Web site by inserting an exploit that infects site visitors with malware.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved.