Complex malware ‘ProjectSauron’ remained hidden, undetected for years, experts say

By Yen Palec / Aug 11, 2016 08:33 AM EDT

Security researchers recently announced that they have identified a complex malware known only as "ProjectSauron." The malware had stayed hidden and undetected within a number of organizations for a period of five years.

Cyber security firm Kaspersky Lab first detected the ProjectSauron malware. The company described the malware as an extremely complex platform whose primary use is for cyber espionage. Kaspersky Lab added that the malware was designed to conduct long-term espionage through a clever set of stealthy survival mechanisms.

The name of the malware alludes to a character from J.R.R. Tolkien's "The Lord of the Rings." In the books, Sauron is an all-seeing antagonist.

In a statement released by Kaspersky Lab, the company said, "The actor behind ProjectSauron has a high interest in communication encryption software widely used by targeted government organizations." Kaspersky added that the main purpose of ProjectSauron is to steal configuration files, encryption keys, and IP addresses of servers that are related to encryption software.

According to Fox News, the malware is capable of stealing data from computers that are not connected to the Internet. ProjectSauron is able to do this by using USB drives that can store stolen data in an area undetectable by the computer's operating system.

ProjectSauron, also known as Strider, was first detected by Kaspersky Lab in September 2015. The malware had been in operation since as early as June 2011 and remained active until April this year. Kaspersky Lab said that ProjectSauron was able to infect at least 30 organizations based in Italy, Iran, Russia and Rwanda. A separate investigation conducted by security company Symantec revealed that the malware has attacked organizations in China, Sweden, and Belgium.

The malware targeted government offices, scientific research facilities, financial organizations, telecommunications providers, and even the military. Kaspersky Lab said that the company is working with industry partners as well as law enforcement agencies to notify victims and possibly track the main perpetrators of the attack.