It's called "Snake" and it's being compared to another alleged state-run virus, Stuxnet. And yes, all evidence points to Russia.
According to British-based BAE Systems, dozens of computer networks have been infected with the virus, which sometimes goes by the name Ouroboros (named after the serpent in Greek mythology). It works by giving remote attackers "full remote access to the compromised system." It has stealth qualities, including the ability to stay inactive for a number of days.
The cyber weapon has been increasingly used since the beginning of the year, before the overthrow of President Viktor Yanukovych. Security experts are comparing it to Stuxnet, the malware that disrupted Iran's nuclear facilities in 2010. More from AFP:
Although its origins are unclear, its developers appear to operate it in the same timezone as Moscow — GMT plus four hours — and some Russian text is embedded into the code, BAE says. BAE has identified 14 cases of Snake in Ukraine since the start of 2014, compared to eight cases in the whole of 2013. In all there have been 32 reported cases in Ukraine since 2010, out of 56 worldwide. "Our report shows that a technically sophisticated and well-organised group has been developing and using these tools for the last eight years," said David Garfield, the managing director of cyber security at BAE Systems Applied Intelligence. "There is some evidence that links these tools to previous breaches connected to Russian threat actors but it is not possible to say exactly who is behind this campaign."
The problem with releasing sophisticated viruses like these is containability. Take Stuxnet, for example, which was recently detected in a Russian nuclear power plant. It's conceivable that the viruses, once unleashed, might damage other computers and systems in unpredictable and undesirable ways. I think the self-eating snake metaphor in this case is quite apt.
[ AFP ]