Project Sauron
{{Under construction|section=the whole article|placedby=Anonymous Agent}}{{short description|Computer malware}}
Project Sauron, also named ProjectSauron and Remsec,{{Cite web |last=Dockrill |first=Peter |date=10 August 2016 |title=Scientists Just Found an Advanced Form of Malware That's Been Hiding For at Least 5 Years |url=https://www.sciencealert.com/scientists-just-found-an-advanced-form-of-malware-that-s-been-hiding-for-at-least-5-years |access-date=2025-06-28 |website=ScienceAlert}} is a piece of computer malware discovered in 2016.{{Cite web|url=https://arstechnica.com/information-technology/2016/08/researchers-crack-open-unusually-advanced-malware-that-hid-for-5-years/|title=Researchers crack open unusually advanced malware that hid for 5 years|first=Dan|last=Goodin|date=August 9, 2016|website=Ars Technica}}{{Cite news|url=http://www.bbc.com/news/technology-37021957|title='Project Sauron' malware hidden for five years|work=BBC News |date=August 9, 2016}}{{Cite web|url=https://www.cyberscoop.com/eugene-kaspersky-project-sauron-nsa-equation-group/|title=Why Eugene Kaspersky keeps talking about 'Project Sauron'|date=December 1, 2017|website=CyberScoop}} It had been spying on computers at governments and organizations for five years.{{Cite web|url=https://www.infosecurity-magazine.com:443/news/project-sauron-has-been-spying/|title=Project Sauron has Been Spying on Governments for 5 Years|first=Tara|last=Seals|date=August 19, 2016|website=Infosecurity Magazine}} It can steal encryption keys, collect information from air-gapped computers, and record someone’s keystrokes without being detected.{{Cite web|url=https://www.inverse.com/article/19401-project-sauron-malware-strider|title=Kaspersky Lab and Symantec Discover "Project Sauron" Malware|first=Nathaniel|last=Mott|website=Inverse}} It was discovered by security experts from Symantec (now part of Broadcom) and Kaspersky Lab, and was reportedly found on various targets in China, Russia, Iran, Sweden, Belgium, and Rwanda.{{Cite web |last=Eric Auchard |date=August 8, 2016 |title=New spyware detected targeting firms in Russia, China: Symantec |url=https://www.reuters.com/article/technology/new-spyware-detected-targeting-firms-in-russia-china-symantec-idUSKCN10J18I/ |url-status=live |access-date=2025-06-28 |website=Reuters}} Due to its complex and well-designed structure, the malware is believed to have been developed by a state-backed hacking group or an intelligence agency. Although the malware is considered to have been widely eradicated following its public disclosure, Project Sauron might still remain active on systems that are not protected by Kaspersky Lab solutions.{{Sfn|GReAT|2016|loc=4. For how long have the attackers been active?}}
Overview
In September 2015, Kaspersky's Anti-Targeted Attack Platform detected unusual network traffic in a client organization's network, which led to the discovery of a malicious program registered as a password filter and residing in the memory of the domain controller servers.{{Sfn|GReAT|2016|loc=6. How did you discover this malware?}} This program also had access to administrators' passwords in clear text and included a backdoor that was activated to capture login credentials or changed passwords in plain text every time local or remote users typed them in.{{Sfn|GReAT|2016|loc=7. How does ProjectSauron operate?}}
The malware is compiled using a modified Lua engine, and it was analyzed through forensic methods. The name "Sauron" comes from the fact that the term appears in the malware's source code.
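The password-filter registration point described above can be reviewed on a domain controller. The following PowerShell is an added example, not part of the cited reports or any vendor tooling; it audits the generic LSA "Notification Packages" mechanism rather than detecting Project Sauron specifically. The baseline list is an assumption to adjust per environment, and `examplefilter` is a constructed name.

```powershell
# Added example: list LSA password filters that are not in an expected baseline.
# Assumption: 'rassfm' and 'scecli' are the only packages expected on this server.
$Baseline = @('rassfm', 'scecli')

function Get-UnexpectedPasswordFilter {
    param(
        [string[]]$Packages,
        [string[]]$Baseline,
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    foreach ($name in $Packages) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }
        $name = $name.Trim()
        # -contains compares case-insensitively, matching how Windows resolves names
        if ($Baseline -contains $name) { continue }

        # Password filters are registered by DLL base name and loaded from System32
        $path   = Join-Path $System32 "$name.dll"
        $exists = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Package   = $name
            Path      = $path
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
            Modified  = if ($exists) { (Get-Item -LiteralPath $path).LastWriteTimeUtc } else { $null }
        }
    }
}

# Constructed sample input: only 'examplefilter' is reported (as a missing file).
Get-UnexpectedPasswordFilter -Packages @('rassfm', 'scecli', 'examplefilter') -Baseline $Baseline |
    Format-Table -AutoSize

# Live check: read the registered packages from the local registry.
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages'
Get-UnexpectedPasswordFilter -Packages $packages -Baseline $Baseline | Format-Table -AutoSize
```

Any row returned by the live check is a package outside the baseline; an unsigned or recently modified DLL among them warrants investigation.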
References
{{reflist}}
= Works cited =
- {{cite book |last=GReAT team |url=https://securelist.com/faq-the-projectsauron-apt/75533/ |title=ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms |date=2016-08-08 |publisher=Securelist by Kaspersky |language=en |access-date=2025-06-28}}
{{Malware-stub}}