Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber-espionage campaign targeting European diplomatic and government agencies.
Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that in terms of complexity, the malware rivals the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran.
The malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active in early January.
Among other things, Rocra has been used to steal encrypted files and decryption keys used by the European Union and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.
The malware can also map the internal layout of a computer network and the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, takes screenshots, recovers deleted files and encrypts the data it steals. It creates a unique identifier for each target to more easily catalogue the stolen data.