ProjectSauron Cyber Espionage Group Uncovered by Kaspersky Labs and Symantec

ProjectSauron comprises a top-of-the-top modular cyber-espionage platform in terms of technical sophistication, designed to enable long-term campaigns through stealthy survival mechanisms coupled with multiple exfiltration methods. Technical details show how attackers learned from other extremely advanced actors in order to avoid repeating their mistakes. For example, all artifacts are customized per given target, reducing their value as indicators of compromise for any other victim.A cyber espionage group that has been operating covertly since at least June 2011 had its cover blown this week by two security vendors, both of whom said they discovered the group’s activity from malware samples submitted to them by their respective customers. Kaspersky Lab, which has dubbed the group ProjectSauron, described it as a sophisticated nation-state threat actor targeting state organizations. The group has been using a different set of attack tools for each victim making its activities almost impossible to spot using traditional indicators of compromise, the vendor said. The core payloads used by ProjectSauron to exfiltrate data from victim networks are customized for individual targets and are never used again in other attacks. “This approach, coupled with multiple routes for the exfiltration of stolen data, such as legitimate email channels and DNS, enables ProjectSauron to conduct secretive, long-term spying campaigns in target networks,” the Kaspersky Lab said in an alert earlier this week. What effect will the discovery of this group have on reducing cyber security threats? Send your comments to the Cloud and Cyber Security Center.