A Russian cybersecurity company issued a report on Monday saying that it had identified a sophisticated cyberespionage campaign that has been in operation since 2007. The spy campaign targeted a range of government and diplomatic organizations, mostly in Eastern Europe and Central Asia, but also in Western Europe and North America.
Kaspersky Lab, the firm behind the discovery, said that digital clues suggested that the perpetrators were Russian-speaking, but that the campaign did not appear to be the work of a nation state. However, as with a number of other alarming recent reports on computer spying, Kasperky's report offered few details that would allow for independent verification and did not specifically call out the names of the organizations affected.
In an interview, Kurt Baumgartner, a senior security researcher at Kaspersky Lab, said that among the "several hundreds" of victim organizations were "embassies, consulates and trade centers." The vast majority of infected machines were based in Russia — where Kaspersky identified 38 infected machines — followed by Kazakhstan, where 16 infected machines were identified. Six infected machines were found in the United States.
Mr. Baumgartner described the campaign as a "sophisticated and very patient multiyear effort" to extract geopolitical and confidential intelligence from computers, network devices like routers and switches, and smartphones. The malware was designed to extract files, e-mails and passwords from PCs, record keystrokes and take screenshots, and steal a user's Web browsing history on Chrome, Firefox, Internet Explorer and Opera browsers. It could also pilfer contacts, call histories, calendars, text messages and browsing histories from smartphones, including iPhones, Windows, Nokia, Sony, and HTC phones. And it collected information about installed software, including Oracle's database software, remote administration software and instant messaging software, like that made by Mail.Ru, a Russian e-mail and instant messaging service.