
Eye of Sauron-themed trojan hoovers up data


Jasper_The_Rasper
Moderator

Necromancer-loving author wrote 'tricky' malware at its core

8 Aug 2016 at 11:01, John Leyden

A previously unknown group called Strider has been conducting cyberespionage-style attacks against selective targets in Russia, China, Sweden, and Belgium.
 
Strider uses an advanced piece of malware known as Remsec to conduct its attacks. Remsec creates a back door on an infected computer - establishing a means to log keystrokes and steal files in the process.
 
Remsec’s code was found to contain a reference to Sauron, the all-seeing antagonist in The Lord of the Rings, Symantec reports.
 
Full Article

7 replies

It's a never-ending battle against these cyber criminals. Users need to keep their PCs up to date on security applications.

  • New Voice
  • 9 replies
  • August 8, 2016
Very true. And what's really sad is that no matter how much of a tech genius one is, there's always going to be someone sneakier out there who can weasel their way into systems and wreak havoc. Having excellent security isn't optional, it's a necessity. :D

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • August 8, 2016
Well, perhaps but a great & important component in any security set up is what sits between one's ears...a bit of common sense and to be honest that is sorely lacking out there these days.
 
BTW, interesting article...just wondering if the riposte to this should be a 'stealthy' approach named 'The Ring of Power' ;)

Jasper_The_Rasper
Moderator

Espionage platform with more than 50 modules was almost certainly state sponsored.

Dan Goodin (US) - 9/8/2016
 

Jumping air gaps

 
Part of what makes ProjectSauron so impressive is its ability to collect data from air-gapped computers. To do this, it uses specially prepared USB storage drives that have a virtual file system that isn't viewable by the Windows operating system. To infected computers, the removable drives appear to be approved devices, but behind the scenes are several hundred megabytes reserved for storing data that is kept on the air-gapped machines. The arrangement works even against computers in which data-loss prevention software blocks the use of unknown USB drives.
 
Kaspersky researchers still aren't sure precisely how the USB-enabled exfiltration works. The presence of the invisible storage area doesn't in itself allow attackers to seize control of air-gapped computers. The researchers suspect the capability is used only in rare cases and requires use of a zero-day exploit that has yet to be discovered. In all, Project Sauron is made up of at least 50 modules that can be mixed and matched to suit the objectives of each individual infection.
 
Full Article

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • August 9, 2016
The article is quite correct but I would say that 'impressive' is not the word re. the ability to collect from 'air-gapped' systems...I would use the term 'very concerning' indeed. :(

By: Jai Vijayan
 
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
A cyber espionage group that has been operating covertly since at least June 2011 had its cover blown this week by two security vendors, both of whom said they discovered the group’s activity from malware samples submitted to them by their respective customers.
Kaspersky Lab, which has dubbed the group ProjectSauron, described it as a sophisticated nation-state threat actor targeting state organizations. The group has been using a different set of attack tools for each victim making its activities almost impossible to spot using traditional indicators of compromise, the vendor said.
The core payloads used by ProjectSauron to exfiltrate data from victim networks are customized for individual targets and are never used again in other attacks. “This approach, coupled with multiple routes for the exfiltration of stolen data, such as legitimate email channels and DNS, enables ProjectSauron to conduct secretive, long-term spying campaigns in target networks,” Kaspersky Lab said in an alert Monday.
 
full article here:
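The Kaspersky excerpt quoted above notes that per-victim tooling defeats traditional indicators of compromise and that DNS is one of the exfiltration routes. When hashes and domains are useless, defenders fall back on behavioural checks on the channel itself. The script below is an added example written for this thread; it is not code from Kaspersky, Symantec or any of the quoted articles. It runs a simple heuristic over resolver query logs: for each (client, registered domain) pair it counts distinct long, high-entropy subdomain labels, which is what encoded data riding on DNS queries tends to look like. The log format, the thresholds, the sample lines and the domain names (`c2-placeholder.test`, `example.com`) are all constructed for the example; a real deployment would also need a public-suffix list rather than the naive "last two labels" rule used here.

```python
"""Heuristic detector for DNS-based data exfiltration in resolver query logs.

Added example for the ProjectSauron/Strider discussion; not vendor code.
Log format (constructed for this example): "<timestamp> <client-ip> <qname> <qtype>"
"""
import math
import re
from collections import defaultdict

# Constructed sample log. Client 10.1.2.3 does ordinary lookups; client 10.1.2.7
# sends a stream of distinct 32-character hex labels to one domain, the pattern
# that encoded data chunks in DNS queries typically produce.
SAMPLE_LOG = """\
2016-08-09T10:00:01Z 10.1.2.3 www.example.com A
2016-08-09T10:00:02Z 10.1.2.3 mail.example.com MX
2016-08-09T10:00:03Z 10.1.2.3 d1a2b3c4e5f6g7h8i9j0k1l2.cdn-placeholder.test A
2016-08-09T10:00:04Z 10.1.2.3 example.com A
2016-08-09T10:00:05Z 10.1.2.7 0123456789abcdef0123456789abcdef.upd.c2-placeholder.test TXT
2016-08-09T10:00:06Z 10.1.2.7 123456789abcdef0123456789abcdef0.upd.c2-placeholder.test TXT
2016-08-09T10:00:07Z 10.1.2.7 23456789abcdef0123456789abcdef01.upd.c2-placeholder.test TXT
2016-08-09T10:00:08Z 10.1.2.7 3456789abcdef0123456789abcdef012.upd.c2-placeholder.test TXT
2016-08-09T10:00:09Z 10.1.2.7 456789abcdef0123456789abcdef0123.upd.c2-placeholder.test TXT
2016-08-09T10:00:10Z 10.1.2.7 56789abcdef0123456789abcdef01234.upd.c2-placeholder.test TXT
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain labels, registered domain).

    Assumption: the registered domain is the last two labels. A real detector
    should use the public-suffix list so that e.g. 'example.co.uk' is handled.
    """
    labels = qname.rstrip(".").split(".")
    if len(labels) < 3:
        return [], qname.rstrip(".")
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            yield {"ts": ts, "client": client, "qname": qname, "qtype": qtype}


def detect_dns_exfil(text, min_unique=5, min_entropy=3.0, min_label_len=20):
    """Flag (client, domain) pairs whose leftmost labels look like encoded data.

    A pair is reported when the client has sent at least `min_unique` distinct
    leftmost labels to the domain, at least one of them is `min_label_len` or
    longer, and the long labels average `min_entropy` bits/char or more.
    Thresholds are illustrative assumptions, not vendor-recommended values.
    """
    per_pair = defaultdict(set)
    for rec in parse_log(text):
        subs, domain = split_qname(rec["qname"])
        if not subs:
            continue  # bare registered domain, nothing to carry data in
        per_pair[(rec["client"], domain)].add(subs[0])

    findings = []
    for (client, domain), labels in per_pair.items():
        long_labels = [lbl for lbl in labels if len(lbl) >= min_label_len]
        if len(labels) < min_unique or not long_labels:
            continue
        mean_entropy = sum(shannon_entropy(l) for l in long_labels) / len(long_labels)
        if mean_entropy >= min_entropy:
            findings.append({
                "client": client,
                "domain": domain,
                "unique_labels": len(labels),
                "mean_entropy": round(mean_entropy, 3),
            })
    return findings


if __name__ == "__main__":
    for f in detect_dns_exfil(SAMPLE_LOG):
        print(f"suspect DNS exfil: {f['client']} -> {f['domain']} "
              f"({f['unique_labels']} unique labels, entropy {f['mean_entropy']})")
```

The single long CDN-style label from 10.1.2.3 is not reported because one distinct label never reaches the `min_unique` count; the volume of distinct labels per domain is what separates tunnelling from ordinary long hostnames. In practice this heuristic is a triage signal to be correlated with query rate and TXT/NULL record usage, not a verdict on its own.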

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • August 10, 2016
Well, that is an eclectic mix of target countries...perhaps the miscreants are attempting to throw us off the piste with such a wacky approach to targeting...LOL
