The latest in a string of computer software attacks, this one involving a Trojan horse, has been linked to a Russian state-sponsored cyber attack and is suspected to have been used to create a weapon of mass destruction, US authorities have said.
The US National Security Agency (NSA) said on Friday that it had been able to identify two “virus-like” software programs and associated files which it said were used to compromise computers.
The agency said it had identified malware dubbed “Bukkit” that appeared to have come from Russia, and “Gadget” that appeared to have targeted Windows, Mac OS X and Linux.
The agency said it was the first time malware linked to Russia had been identified by the US and US intelligence agencies.
“The intelligence community is confident that the Russian government was behind these attacks,” the agency said.
“We have identified that these malware attacks were not designed to target a specific nation or target specific individuals.
“The malware is designed to compromise and install a backdoor on a target computer, potentially leading to remote code execution, data theft and compromise of critical infrastructure.”
The agency also said that “gadget-like malware” used in the attacks was similar to malware used in previous attacks, including those against Chinese companies.
“This malware was used in a number of recent malware campaigns that targeted US businesses and other US targets, including the Office of Personnel Management (OPM) and the Federal Bureau of Investigation (FBI),” the agency added.
The attacks, which affected systems in more than 100 US and foreign companies, were discovered by an unnamed employee of a US company who alerted security companies.
Security researchers identified the malware in a second analysis, saying that the same code was used to infect computers in at least two US businesses, the Washington Post reported.
“We found that the code used to distribute Bukkit and Gadget was written in Russian, which is one of the most commonly used languages in Russia, according to a list compiled by Kaspersky Lab,” the US intelligence agency said in a statement.
“Russian researchers have identified more than 200 known vulnerabilities in Bukkit, Gadget, and other similar malware samples, which has created a risk of compromising critical infrastructure worldwide.”
The latest attack was discovered in June, when hackers who were linked to the Russian military attempted to breach the computers of the Office of Personnel Management, which manages millions of government and private employees.
The Russian government denies any involvement in the attack, saying it is the work of the West.
“Russia has always been a country that defends the interests of its people and respects their sovereignty,” the government said in response to the attack.
In the latest attack, the US said it believed that the “malicious software” used to target the US companies was Russian, but the agencies' investigation found that it was not.
Reuters and AP