
Kaspersky uncovers "Red October" global cyber spying campaign

14 Jan 2013

Kaspersky Labs has uncovered another advanced cyber spying campaign targeting numerous governments, political groups, businesses and areas of critical infrastructure.

The discovery follows a five-year hunt by Kaspersky and numerous Cyber Emergency Response Teams (CERT).

While details regarding the campaign's origin remain vague, Kaspersky reported Red October (Rocra) is believed to have stemmed from a Russian-speaking group and been active for at least five years.

The campaign targeted numerous institutions with custom, highly flexible malware spread through a sophisticated phishing campaign.

"Attackers created unique, highly flexible malware to steal data and geopolitical intelligence from target victims' computer systems, mobile phones and enterprise network equipment," read Kaspersky's report.

"The primary focus of this campaign targets countries in Eastern Europe, former USSR republics and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America."

The majority of incidents occurred in Russia, where Kaspersky reported detecting 38 infections, while Kazakhstan took second with 21 infections.

Belgium had 16 infections, presumably due to its strong links with the European Commission, while six infections were detected in the US. The UK had no infections reported.

The malware reportedly added all infected machines to a global intelligence network set up by the malware's authors.

Information stored on the network was in turn used to help the hackers break into additional systems, creating a snowball effect.

"The attackers often used information exfiltrated from infected networks as a way to gain entry into additional systems," read Kaspersky's report.

"To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries, with the majority being in Germany and Russia."

Kaspersky is yet to divulge whether it believes the Red October campaign is state sponsored, though it does have several unique features separating it from most common malware.

These include a "Resurrection module", cryptographic spy modules and the ability to infect smartphones and tablets. Windows Phone and iPhone users were said to be susceptible to the attacks.

The resurrection module allows the malware to remain hidden as a plug-in inside Adobe Reader and Microsoft Office installations, theoretically meaning it could re-infect a machine after removal.

The spying modules include a number of files from different cryptographic systems, used by sophisticated government and military organisations like Nato, the European Union, European Parliament and European Commission, Kaspersky reported.

V3 contacted the recently opened European Cybercrime Centre for comment on the finding but had received no reply at time of publication.

Red October is one of many advanced campaigns to have been uncovered by Kaspersky. Earlier in 2012 Kaspersky had helped uncover the infamous Flame malware.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
