Operation “Red October” is Spying on Governments Worldwide
Chris Dougherty
VirtualThreat.com, Contributing Writer
Kaspersky Lab has uncovered a cyber espionage campaign that is targeting diplomatic and government agencies around the world. The campaign has been dubbed “Rocra”, short for “Red October”.
As of this writing the malware at the heart of the attack is actively sending data to several command and control (C&C) servers. According to domain registration details, the campaign has been operational since 2007. The creators of the malware have also designed a complex distributed network that rivals the infrastructure of the recent Stuxnet and Flame campaigns.
“Red October” has successfully infiltrated computer networks at government embassies, military installations and scientific research facilities. Researchers say that the malware is gathering intelligence not only from computers, but also from mobile devices and networking equipment.
The attackers are using spear-phishing techniques tailored to specific victims in eight primary categories:
- Government
- Diplomatic / embassies
- Research institutions
- Trade and commerce
- Nuclear / energy research
- Oil and gas companies
- Aerospace
- Military
Kapersky said hundreds of victims have already been identified worldwide, mostly in Eastern Europe, but there are also reports from Asia, North America and Western European countries.
According to researchers, the data collected so far does not suggest that Operation “Red October” is a nation-sponsored cyber attack. In contrast, the Flame and Stuxnet campaigns were reportedly a joint U.S.-Israeli operation launched in order to stop Iran’s nuclear program.
Kaspersky suggests that the initial exploits used in “Red October” were recycled from earlier work developed by Chinese hackers. However, the malware modules responsible for scanning networks and collecting data appear to have been created by Russian-speaking operatives.
About the author…
Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.
This article is offered under Creative Commons license. It’s okay to republish it anywhere as long as attribution bio is included and all links remain intact.
