Snowglobe, Animal Farm

Description

(GData) The revelation about the existence of yet another potentially nation-state driven spyware occurred in March 2014 when Le Monde first published information about top secret slides originating from 2011 and part of their content. But the slides Le Monde published revealed only a small part of the picture – several slides were cut out, some information was redacted. Germany’s Der Spiegel re-published the slide set with far fewer deletions recently, in January 2015, and therefore gave a deeper insight into what CSEC actually says they have tracked down.

The newly published documents reveal: the so-called operation SNOWGLOBE was discovered in 2009 (slide 9) and consists of three different “implants”; two were dubbed snowballs and one “more sophisticated implant, discovered in mid-2010” is tagged as snowman (slide 7). According to slide 22, “CSEC assesses, with moderate certainty, SNOWGLOBE to be a state-sponsored CNO [Cyber Network Operation] effort, put forth by a French intelligence agency.” The information given dates back to 2011 and nothing else has been published since. Now that specific Babar samples have been identified and analyzed, there might be new information, also with regard to similarities or differences between the two Remote Administration Tools (RATs) EvilBunny and Babar.

Names

Name          Name-Giver
Snowglobe     CSEC
Animal Farm   Kaspersky
SIG20         NSA
ATK 8         Thales

Country

State-sponsored

Motivation

  • Information theft and espionage

First Seen

2011

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

1321cfb0-511e-41a0-86a5-e7f1582911af

Last Card Change

2020-04-24