European Commission rules out Red October malware attack

The European Commission (EC) has said there is no evidence to suggest the Red October cyber espionage campaign managed to infiltrate its networks.

The five-year campaign was uncovered earlier in the week, targeting numerous government organisations.

However, an EC spokesperson told V3 it has yet to detect any evidence of the Red October campaign's malware in its systems.

"So far there is no concrete evidence that the Commission has been targeted by this malware. But the security team are aware of the threat and are of course working on a permanent basis to control this and any other kind of attacks," the spokesperson told V3.

The news is surprising as Belgium was the third most infected country targeted by Red October, according to security firm Kaspersky Labs, which reported detecting 16 infections in the country.

Only two other countries boasted more infections, with Kaspersky detecting 38 incidents in Russia and 21 incidents in Kazakhstan.

The high number of Belgium infections was initially believed to be due to the country's close ties with the European Parliament and Commission.

Red October is a sophisticated cyber espionage campaign believed to have stemmed from a Russian-speaking group. It is thought to have been active for at least five years.

Red October is the latest cyber espionage tool to be uncovered targeting political institutions. Prior to Red October, Kaspersky also uncovered the infamous Flame malware.

Despite sharing a common purpose to Flame and being similarly complex, Kaspersky has been quick to note the two campaigns are not linked.

"So far, we haven't come by any credible information that can suggest a link between the authors of Red October and Flame. The two campaigns are significantly different and at the moment we do not have any technical evidence that connects them," Kaspersky director, Costin Raiu told V3.

"In terms of complexity and sophistication of this attack, Red October is on par with Flame. At the same time, there is no clear evidence that links Red October with a nation-state sponsored operation. In terms of methods used to attack victims Flame and Red October are very different."