

A newly discovered sophisticated botnet campaign that is targeting government offices and enterprises was detailed today for the first time.
Dubbed “FritzFrog” by security researchers at Guardicore Ltd., which reported the peer-to-peer botnet today, it’s believed to have been actively breaching SSH servers since January. The botnet runs worm malware written in the Go language and is described as being modular, multithreaded and fileless, leaving no trace on the infected machine’s disk.
The botnet has been found attempting to brute-force and propagate to tens of millions of IP addresses belonging to government offices, educational institutions, medical centers, banks and numerous telecom companies. The research found that the botnet has infected more than 500 servers, including well-known universities in the U.S. and Europe along with a railway company. The countries with the most infections were found to be China, South Korea and the U.S.
Interestingly, FritzFrog was found to have no relationship to previous forms of malware and is completely proprietary, suggesting that those behind it are highly professional software developers. The botnet was also found to be unique even in the way it communicated compared with previous botnets.
The researchers don’t suggest who may be behind the botnet, but the sophistication immediately raises the suspicion that it could have been designed by a nation-state sponsored hacking group.
“FritzFrog takes advantage of the fact that many network security solutions enforce traffic only by the port and protocol,” Guardicore’s Ophir Harpaz noted. “To overcome this stealth technique, process-based segmentation rules can easily prevent such threats.”
Tamer Hassan, co-founder and chief executive officer of bot mitigation firm White Ops Inc., told SiliconANGLE that there has been a fundamental erosion in trust on the internet over the last several years, where you can’t assume that interactions you have online are with humans rather than bots.
“This challenge is going to get even more complicated as sophisticated bots look and act like humans when they click on ads, visit websites, fill out forms, take over accounts and commit payment fraud,” he said. “Bots used to be simple, beneficial tools, and now bad actors are collecting, automating and targeting them at enterprises and consumers by sending millions of bots to do bad things.”
Hassan added that the cybersecurity industry along with partners and law enforcement need to work together to disrupt the economics of cybercrime.