The communication between the malware and the command-and-control server is compressed with zlib and then encrypted with AES (Advanced Encryption Standard) using RSA public-key cryptography.
This type of protection is very rarely seen in malware, Raiu said. "Something similar was used in the Flame cyberespionage malware, but on the server side."
This is either a cyberespionage tool created by a nation state or one of the so-called lawful interception tools sold by private contractors to law enforcement and intelligence agencies for large sums of money, he said.
Kaspersky Lab doesn't yet have information about this attack's targets or their distribution around the world, Raiu said.
Reached via email on Wednesday, FireEye's senior director of security research, Zheng Bu, declined to comment on the attack's targets. FireEye published a blog post with technical information about the malware on Wednesday, but didn't reveal any information about victims.
Bu said that the malware uses certain techniques to detect if it's being executed in a virtual machine so it can evade detection by automated malware analysis systems.