Hunt for the New "Red October"
For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk… Once inside, attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers, to email databases using exploits developed in China and Russian malware. - From Threatpost, The Kaspersky Lab Security News Service
What is the latest threat that has the security community up in arms? The Russian Internet security firm Kaspersky Lab published a report detailing a cyber espionage network that has been infiltrating computer networks at various international diplomatic, governmental, and scientific research organizations since 2007, gathering data and intelligence from mobile devices, computer systems, and network equipment.
Kaspersky is calling the malware “Red October” or “Rocra,” after the famous novel and movie The Hunt for Red October.
While some attacks were noted in Western Europe and North America, “most of the victims were specific organizations in Eastern Europe, former USSR nations and countries in Central Asia.”
According to Kaspersky:
Like most of these APT-style targeted attacks, this one begins with a spear phishing message; one example provided was an announcement of a diplomatic car for sale. The email messages contain one of three attachments, each a different exploit of an existing vulnerability.
The targets of the malware? Oil and gas companies, aerospace, nuclear research, and trade and commerce organizations. Several hundred infections worldwide have been identified, and Kaspersky states that the campaign is still active.
CBS News interviewed Kurt Baumgartner, senior security researcher at Kaspersky Lab, and reported:
The “Red October” malware has some peculiar characteristics. One of the most interesting findings, Baumgartner tells CBSNews.com, is that the types of targets tend to be geopolitical targets, like government agencies, embassies, nuclear research centers and the military.
Another one of the malware's unique functions lets it “resurrect” infected machines by embedding a plug-in inside of software like Adobe Reader or Microsoft Office. Even if the malware is removed or a patch is installed, hackers can still access the computer because of this workaround.
Russia or China could be behind one of the largest and most complex cyber espionage campaigns ever revealed, according to cyber-security experts contacted by Mashable. The operation, codenamed Red October, was uncovered yesterday by the Russian online security giant Kaspersky Lab. Unfortunately the evidence can't clearly show who is behind the attacks. All the experts, including the Kaspersky researchers, warn that caution is due.