The Snake Campaign

February 2014 - This report from BAE Systems provides further details on how the recently disclosed ‘Snake’ cyber espionage toolkit operates. Timelines of the malware development show this to be a much bigger campaign than previously known. Specifically, it reveals that the malware has actually been in development since at least 2005. From the complexity of the malware, and the range of variants and techniques used to support its operation, the research also suggests that Snake’s authors and operators are committed and well-funded professionals.

Our report includes descriptions of:

  • How the malware communicates,
  • The distinctive architectures which have evolved over the years,
  • The use of novel tricks to bypass Windows security,
  • How it hides from traditional defensive tools.

The BAE Systems analysis follows a report from a German security company that exposed a component from this project, and opened the lid on a campaign which has been a covert but persistent threat. BAE Systems has built a picture of the activity, and in particular the countries in which this has been seen - mostly in Eastern Europe, but also in the US, UK and other Western European countries.

This threat has received significant attention in the past, albeit under a different name - Agent.BTZ. It came to the surface in 2008 and again in 2011, when sources familiar with the US Department of Defence disclosed that their classified networks had been breached by an early version from this same operation.

Since then the authors have continued development and deployed many advanced features that make it a far more menacing threat than previously. Until now the campaign has largely managed to remain under the radar of the mainstream security industry.

In conjunction with the threat analysis, the report also contains a set of technical indicators which will allow organisations to identify compromises, and security companies to develop improved defences.

