Our report includes descriptions of:
- How the malware communicates,
- The distinctive architectures which have evolved over the years,
- The use of novel tricks to bypass Windows security,
- How it hides from traditional defensive tools.
The BAE Systems Applied Intelligence analysis follows a report last week from a German security company that exposed a component from this project, and opened the lid on a campaign which has been a covert but persistent threat. BAE Systems Applied Intelligence has built a picture of the activity, and in particular the countries in which this has been seen - mostly in Eastern Europe, but also in the US, UK and other Western European countries.
This threat has received significant attention in the past, albeit under a different name - Agent.BTZ. It came to the surface in 2008 and again in 2011, when sources familiar with the US Department of Defense disclosed that their classified networks had been breached by an early version from this same operation. Since then the authors have continued development and deployed many advanced features that make it a far more menacing threat than previously. Until now the campaign has largely managed to remain under the radar of the mainstream security industry.
In conjunction with the threat analysis, the report also contains a set of technical indicators which will allow organisations to identify compromises, and security companies to develop improved defences.
Report: http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf