Uroburos
In 2008, malicious code known as Agent.BTZ was placed on USB drives that were dropped in the parking lots of defense facilities, such as a United States Department of Defense in the Middle East, in what was considered the “worst breach of U.S. military computers in history” at the time. Agent.BTZ infected systems running Microsoft Windows and allowed attackers to log personal information, cached credentials, and user keystrokes. The infection propagated and lasted in United States government systems for over a year. The Agent.btz infection led to the creation of the United States Cyber Command. The Turla / Uroburos group malware, which appeared in 2011 (or earlier) and was discovered in 2014, scans for the presence of Agent.BTZ on target systems and remains inactive if Agent.BTZ is installed. Comments and code itself indicate that the authors of both Agent.BTZ and Uroburos are proficient in Russian. Some file names, encryption keys, and other technical indicators are shared between the Agent.btz and Uroburos malwares. Although other possibilities exist, Agent.BTZ and Uroburos were likely developed by the same group or associated groups. The Uroburos rootkit is a very advanced and very sophisticated modular malware designed to infect entire networks and exfiltrate confidential data. The sophistication and flexibility of the Uroburos malware suggests that a highly skilled team, who had access to considerable resources, developed it. The significant monetary investment necessary to develop the Uroburos platform suggests that it was developed to target businesses, nation states, and intelligence agencies, rather than average citizens. Based on the exploit kit, the Uroburos group likely has a political or espionage agenda. The Uroburos malware typically infects 32-bit and 64-bit Microsoft Windows systems that belong to governments, embassies, defense industries, pharmaceutical companies, research and education facilities, and other large companies.
uroburosgroup














