Page 2 of 2
The attack campaigns are designed to be highly targeted, picking individuals located in Eastern Europe, former Soviet bloc countries and Central Asia. Kaspersky said it also detected attacks in the U.S. The researchers said they uncovered more than 60 domain names located in Russia and Germany. The command and control servers are used to control infected systems and retrieve data from victims.
Kaspersky said the attacks appear to originate in China, but the security firm stopped short of calling it a nation-state-sponsored cyberespionage campaign. Kaspersky linked the exploits to Chinese hackers and the malware modules used in the targeted attacks to Russian-speaking operatives.
"The information stolen by the attackers is obviously of the highest level and includes geopolitical data, which can be used by nation states," Kaspersky said in its report. "Such information could be traded in the underground and sold to the highest bidder, which can be, of course, anywhere."
Kaspersky has been issuing reports on cyberespionage attacks and other malware campaigns believed to be nation-state-sponsored. The company was among the first to produce information on the Stuxnet rootkit designed, researchers believe, to target a uranium enrichment facility in Iran.
The company also has released extensive analysis on Flame, Duqu, Gauss and Shamoon, all malware families used in targeted attack campaigns and designed to steal data. Its researchers have linked a module in Flame to one used in the Stuxnet attack, making it appear that the attacks are coming from the same source.