Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber espionage campaign targeting European diplomatic and government agencies.
Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that the malware rivals in complexity the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran. […]
Among other things, [the newly discovered malware, called Rocra,] has been used to steal encrypted files and decryption keys used by European Union organizations and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.
The malware also can map out the internal layout of a computer network, the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts data it steals. It makes unique identifiers for each target to more easily catalogue the data stolen. […]
Kaspersky’s researchers began analyzing the malware in October and determined it was targeting organizations mostly in Eastern Europe, but also in Central Asia, Western Europe and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the United States.
The lab does not know who is behind the malware, whether it is a national government or criminals looking to sell the data to a government.