
A new wave of highly sophisticated cyberattacks targeting embassies, military installations and major corporations around the world has been uncovered by security experts.

Researchers at Blue Coat Labs described the cyber threat, named Inception, as a "very slick operation" that pointed to a "very high chance of state involvement".

A 62-page white paper published today (10 December) by Blue Coat, titled The Inception Framework: Cloud-Hosted APT, details the malware espionage operation and how the attacks took place.

Characteristics of Inception include randomised file names to prevent detection, cloud encryption and malware components embedded in Rich Text Format (RTF) files. Associated documents are in Hindi, Russian, Swedish and English, and one piece of code carries the line "God Save the Queen", though any of these could be red herrings.

"In September I discovered some files that were a bit out of the ordinary," Snorre Fagerland, co-author of the report, told IBTimes UK. "They were bigger than usual and I soon realised that this was an attack framework that I hadn't seen before, possibly by actors I hadn't noticed before.

"I found a very high quality of code across five different platforms, a very high level of automation and an operational security that is positively paranoid. All of this suggests state involvement."

Fagerland also believes the selection of targets is another factor that indicates state involvement: several target areas appear to be of strategic interest to a nation state.

The origin of Inception is still unclear, but it is not thought to come from "the usual suspects" of Iran, China or Russia.

"Initially we saw a very clear interest in Russia and the Russian sphere," Fagerland said. "However, as we've been gathering more information about this campaign and more target data, we see that the fields of interest are much wider than Russia.

"They've targeted countries as far apart as Venezuela, Mozambique and European countries like Belgium, Germany and even the UK to some extent."

The targeting of mobile phone operators in Belgium is of particular significance, Fagerland believes, as it is a "power seat". Both the European Union and Nato have headquarters there.

If it is a nation state that is behind the attacks, as the authors suggest, then the publication of the white paper is likely to push the malware into the shadows to avoid further attention and possible detection.