09 Aug 2016

A new type of malware has been discovered by researchers that is so advanced it was probably developed by a nation-state, and it has been active for years without anyone noticing. Known as either ProjectSauron or Remsec, depending on who you talk to, the malware platform has been around since at least 2011 and has affected 30 known targets. Whoever developed ProjectSauron did so in part by studying the techniques of major state-sponsored hacking groups, improving on what they did while avoiding their shortcomings.

ProjectSauron is extremely hard to detect using normal antivirus measures because its code exists as Binary Large Objects (BLOBs) that live only in computer memory. Additionally, unlike most malware, which reuses servers, IP addresses, and domain names for command and control, ProjectSauron leaves few clues of infection because what software artifacts remain are unique to each target. With each attack tailored to its target, there are no shared patterns to search for in order to find other infections.

One of the more sophisticated aspects of ProjectSauron is its ability to steal data from computers without an internet connection. So-called “air-gapped” computers are used for storing particularly sensitive data. To get in, ProjectSauron uses USB storage drives that carry a hidden file system not recognized by Windows. The drives masquerade as an approved device, even fooling data-loss prevention software, while hundreds of megabytes of hidden space are used for the sole purpose of stealing data. No one is exactly sure how the whole process works, but it is believed it may use an unknown zero-day exploit. What is known is that ProjectSauron consists of at least 50 different modules that are used interchangeably depending on each specific infection.

The malware was only discovered after security experts were brought in to determine the cause of unusual network traffic within an unidentified government agency. They found an executable file behaving like a Windows password filter hidden on a domain controller. Any time someone logged in or changed a password, the module activated and viewed them.
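A defender-side check for the password-filter foothold described above, added here as an example and not part of the original post or of any vendor's report: Windows loads the password filter DLLs named in the LSA "Notification Packages" registry value into LSASS, so auditing that list on each domain controller against a known-good baseline is one way to spot an unexpected filter. The script parses a `.reg` export of the `Lsa` key rather than touching the live registry, so it runs anywhere. The export below is constructed, the `pwdhook` entry is a made-up suspect rather than a real indicator, and the baseline of `scecli` and `rassfm` is an assumption to adjust per environment.

```python
"""Audit password filter DLLs registered with LSA from a .reg export.

Windows loads every DLL named in the REG_MULTI_SZ value
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Notification Packages
into LSASS and calls it on each password change, so an unexpected entry
on a domain controller deserves immediate investigation.
"""
import re

# Assumed baseline: the stock entries on a domain controller. Extend it with
# any legitimate third-party filter your environment actually deploys.
BASELINE = {"scecli", "rassfm"}

# Constructed sample in regedit "Export" format. "pwdhook" is a made-up name
# standing in for an unknown filter; it is not a real indicator of compromise.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,72,\
  00,61,00,73,00,73,00,66,00,6d,00,00,00,70,00,77,00,64,00,68,00,6f,00,6f,\
  00,6b,00,00,00,00,00
"LmCompatibilityLevel"=dword:00000005
"""


def decode_multi_sz(hex_blob):
    """Decode a REG_MULTI_SZ exported as hex(7): comma-separated byte values
    holding UTF-16LE strings separated by NUL and terminated by a double NUL."""
    raw = bytes(int(b, 16) for b in hex_blob.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ payload must be an even number of bytes")
    text = raw.decode("utf-16-le")
    return [s for s in text.split("\x00") if s]


def parse_reg_export(reg_text):
    """Return the Notification Packages list from a .reg export,
    or None when the value is not present in the export."""
    # regedit wraps long hex values with a trailing backslash and indents the
    # continuation line; join them back into a single comma-separated run.
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)
    match = re.search(r'"Notification Packages"=hex\(7\):([0-9a-fA-F,]+)', joined)
    if not match:
        return None
    return decode_multi_sz(match.group(1))


def audit(packages, baseline=BASELINE):
    """Return the registered filters that are not in the baseline; each one
    should be tied to a known, signed binary on disk or treated as suspect."""
    return [p for p in packages if p.lower() not in baseline]


if __name__ == "__main__":
    packages = parse_reg_export(SAMPLE_EXPORT)
    print("Registered password filters:", packages)
    for name in audit(packages or []):
        print(f"UNEXPECTED password filter: {name}")
```

On a real domain controller the input comes from `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" lsa.reg`; the matching filter DLLs live in `%SystemRoot%\System32`, so any name the audit flags should be checked there for a valid signature and a known hash, and the finding should be correlated with LSASS module loads in your EDR or Sysmon telemetry.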

It appears ProjectSauron was designed to steal passwords, configuration files, cryptographic keys, and the IP addresses of any server handling encryption. Whoever is behind the malware is highly sophisticated: it has infected military agencies, government organizations, telecommunication providers, scientific research groups, and financial institutions in Russia, Iran, China, Italy, Belgium, Sweden, and Rwanda.
