

Kaspersky uncovers "Red October" global cyber spying campaign

14 Jan 2013

Kaspersky Labs has uncovered another advanced cyber spying campaign targeting numerous governments, political groups, businesses and areas of critical infrastructure.

The discovery follows a five-year hunt by Kaspersky and numerous Cyber Emergency Response Teams (CERT).

While details regarding the campaign's origin remain vague, Kaspersky reported Red October (Rocra) is believed to have stemmed from a Russian-speaking group and to have been active for at least five years.

The campaign targeted numerous institutions using custom, highly flexible malware spread through a sophisticated phishing campaign.

"Attackers created unique, highly flexible malware to steal data and geopolitical intelligence from target victims' computer systems, mobile phones and enterprise network equipment," read Kaspersky's report.

"The primary focus of this campaign targets countries in Eastern Europe, former USSR republics and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America."

The majority of incidents occurred in Russia, where Kaspersky reported detecting 38 infections, while Kazakhstan took second with 21 infections.

Belgium had 16 infections, presumably due to its strong links with the European Commission, while six infections were detected in the US. The UK had no infections reported.

The malware reportedly added all infected machines to a global intelligence network set up by the malware's authors.

Information stored on the network was in turn used to help the hackers break into additional systems, creating a snowball effect.

"The attackers often used information exfiltrated from infected networks as a way to gain entry into additional systems," read Kaspersky's report.

"To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries, with the majority being in Germany and Russia."

Kaspersky is yet to divulge whether it believes the Red October campaign is state sponsored, though it does have several unique features separating it from most common malware.

These include a "Resurrection module", cryptographic spy-modules and the ability to infect smartphones and tablets. Windows Phone and iPhone users were said to be susceptible to the attacks.

The resurrection module allows the malware to remain hidden as a plug-in inside Adobe Reader and Microsoft Office installations, theoretically meaning it could re-infect a machine after removal.

The spying modules include a number of files from different cryptographic systems, used by sophisticated government and military organisations like Nato, the European Union, European Parliament and European Commission, Kaspersky reported.

V3 contacted the recently opened European Cybercrime Centre for comment on the finding but had received no reply at time of publication.

Red October is one of many advanced campaigns to have been uncovered by Kaspersky. Earlier in 2012 Kaspersky had helped uncover the infamous Flame malware.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
