TelecomTV

The Hunt for Red October

Jan 15, 2013

Not even Tom Clancy could dream up this one. Security firm Kaspersky Lab yesterday revealed that it has discovered “Operation Red October”, which it calls an “advanced cyber-espionage campaign targeting diplomatic, governmental and scientific research organisations in several countries for at least five years”. Attackers created unique, flexible malware to steal data and geopolitical intelligence from target victims’ computer systems, mobile phones and enterprise network equipment.

According to Kaspersky Lab’s report, the cyber-espionage campaign focuses primarily on countries in Eastern Europe, former USSR republics and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America.

Kaspersky Lab started its investigation in October last year following a series of attacks against computer networks targeting international diplomatic service agencies. It soon discovered that the attackers have been active since at least 2007 and have been focusing on diplomatic and governmental agencies of various countries, in addition to research institutions, energy and nuclear groups, and trade and aerospace targets.

The Red October attackers designed their own malware, identified as ‘Rocra’, which has a unique modular architecture made up of malicious extensions, info-stealing modules and backdoor Trojans.

To infect systems, the attackers sent a targeted spear-phishing email to a victim that included a customised Trojan “dropper”. This used “software exploits” developed and used in previous cyber attacks to install its malware. The attackers then created more than 60 domain names and several server hosting locations in different countries, with the majority being in Germany and Russia, to control the infected machines. These servers worked as a chain of proxies to hide the location of the main control server, which is likely to be in Russia:

“Based on the registration data of the command and control servers and the numerous artefacts left in executables of the malware, there is strong technical evidence to indicate the attackers have Russian-speaking origins.”

Spy software modules were able to steal information from the infected hosts, including encrypted files such as those created by Acid Cryptofiler, which Kaspersky Lab says is used in NATO, the European Union and European Commission. But it wasn’t just laptops and PCs that were infected. The Red October campaign also targeted smartphones.

Kaspersky Lab employed its own methods to investigate, and discovered “several hundred unique infected systems”, the majority of which were located in Eastern Europe, but other infections were also identified in North America and Europe, particularly Switzerland, Luxembourg and Greece – 39 countries in total.

Kaspersky Lab, in collaboration with international organisations, law enforcement agencies and Computer Emergency Response Teams, is continuing its investigation of Rocra. Although this could soon develop into a scandal of Stuxnet proportions, there is no evidence that Rocra is in any way linked to the malware worm that attacked Iran's nuclear facilities in 2009. You can access the full report here.
