Ukraine was repeatedly attacked by sophisticated cyberspies as tensions between pro-Russian and Western-leaning factions escalated in recent months, according to a report from UK-based defense contractor BAE Systems.
Ukrainian computer systems have been targeted by at least 22 attacks launched by “committed and well-funded professionals” since January 2013, BAE found.
While BAE didn’t identify the source of the attacks, a German company said the espionage software has “Russian roots.”
The spies used “Snake” malware that allowed them to gain control of the computer systems of large organisations and steal information, according to the report from BAE’s Applied Intelligence unit. Snake’s design “suggests that attackers possess an arsenal of infiltration tools and bears all the hallmarks of a highly sophisticated cyber operation,” BAE said.
While the report released last week by BAE Systems Applied Intelligence doesn’t name Russia as the source of the attacks, it suggests they originated in the time zone where Moscow is located.
G Data Software, based in Bochum, Germany, went a step further, saying that a variant of the snake software known as Uroburos has “Russian roots.”
There are “strong indications” that the group behind Uroburos, the Greek word for an ancient symbol that shows a serpent eating its own tale, is the same one that attacked US military bases in 2008 with malware known as Agent.BTZ, G Data said.
“Notable hints include the usage of the exact same encryption key then and now, as well as the presence of Russian language in both cases,” according to the G Data report.
The BAE report, which is highly technical and designed to help system operators block attacks, comes at an uneasy moment in relations between Ukraine and Russia. Pro-Russian leader Viktor Yanukovich fled his country after months of anti-government protests by Ukrainians who favoured closer ties with the European Union.
In response, pro-Russian forces took control of Crimea and scheduled a referendum on joining Russia.