ProjectSauron has been active since at least 2011, but it was only unearthed recently because it was designed not to use patterns security experts usually look for when hunting for malware. Kaspersky only discovered its existence when it was asked by an unnamed government organization to investigate something weird going on with its network traffic.

The malware can move across a network -- across even air gapped computers that are supposed to be more secure than typical setups -- to siphon passwords, cryptographic keys, IP addresses, configuration files, among other data off computers. It then stores all those information in a USB drive that Windows recognizes as an approved device. Both security companies believe its development required the involvement of specialist teams and that it costs millions of dollars to operate.

They didn't name a government in particular, but they noted that the malware took cues from older tools used for state-sponsored attacks, including Flamer that's been linked to Stuxnet in the past. As you might know, the Stuxnet worm, widely believed to be the joint creation of the US and Israel, infected Iran's nuclear program computers in the mid-2000s.