While the attacks began before President Viktor Yanukovych was ousted from office in February, no one can say for sure who was behind the infection although suspicion is falling on Russia, the New York Times reported Saturday.
The cyberespionage tool kit showed up more this year in Ukraine as protests in Kiev picked up steam before Yanukovych was dumped, the Times said. Protesters, angered by Yanukovych's decision in November not to sign trade and political agreements with the European Union in favor of closer ties to Russia, triggered massive protests.
Snake gives attackers remote access to a compromised system, the BAE report released Friday said.
The Times said BAE cited circumstantial evidence the attacks originated in Russia, with the report saying malware developers operate in the Moscow time zone and Russian text was found in the code.
U.S. intelligence officials said it was unclear if the use of the malware was state-sponsored and Snake was one of many types of malware Ukraine battles daily, the Times said.
"The usual Russian approach would be to design something that could both conduct surveillance and aid in an attack," one senior intelligence official told the Times.
Martin Sutherland, the managing director of BAE Systems Applied Intelligence, while "some awareness" of the Snake malware has been known for years, "until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously."