Kaspersky uncovers five-year cyber espionage campaign, Red October

By on January 14, 2013, 4:00 PM

Kaspersky has uncovered an advanced cyber espionage network that rivals the sophistication of last year's infamous Flame malware but is perhaps more devious, as each attack is handcrafted for its victim to improve its chances of success. Referred to as Operation Red October (abbreviated "Rocra"), the campaign has been running since at least May 2007 and carefully targets victims in more than two dozen countries who hold positions in government, military, aerospace, research, trade and commerce, nuclear, oil and similar industries.

Investigators aren't sure who's behind the attacks. The exploits used are believed to have been created by Chinese hackers, while the various malware modules deployed appear to have been written by Russian speakers. Kaspersky can't pin down the source of the operation at this point because it's being run through at least two layers of proxy servers across Russia, Germany and Austria; those proxies are all that investigators can see, so the location of the primary command and control center (dubbed the "mothership" C&C) remains unknown.

Whoever they are, the operators clearly know what they're doing if they've been lurking undetected on the systems of major governments and industries around the globe for half a decade. During that time, they used at least two different exploits in Microsoft Word documents and one in Excel spreadsheets to infect targets via spear phishing emails. After compromising a system, the attackers harvested whatever sensitive data they could through a series of persistent and one-off tasks, carried out with over a thousand modules (malicious files).

Examples of those tasks include swiping information from USB drives (including deleted files), recording keystrokes, taking screenshots, retrieving email from Outlook and mail servers, collecting browsing history and saved passwords, scanning networks to find more potential victims, and so on. Besides being in the dark about who's pulling the strings, Kaspersky isn't sure what they're doing with all this information, beyond perhaps selling it on the black market. The outfit says there's no evidence that the campaign is state sponsored.

User Comments: 24

1 person liked this | Win7Dev said:

Considering China is one of the only larger countries without any known infections, it's not surprising that the attacks could be from China.

Staff
Jesse said:

Anyone understand how Operation Red October becomes "Rocra"?

Unless it's from the Russian words...

Alvaro said:

Anyone understand how Operation Red October becomes "Rocra"?

Unless it's from the Russian words...

It probably is, because it was Kaspersky who named it.

1 person liked this | Guest said:

Its Canada and China behind all the attacks.

Guest said:

@Win7Dev

Is it a case of no attacks or no data given?

Guest said:

If you were running this Op, and knew sooner or later, it would be detected and traces or attempts to trace back the data/info to its collection points, not necessarily the Mother-ship Owner/Creator, wouldn't you integrate additional layers of OpSec? Collect data from unimportant targets, low, mid and high value targets, countries in which there are actual targets, countries that are false targets, and so on across the range of variables, industry types, geo-pollitical, leanings, etc. Because China, Canada, Mexico, Norway, etc., don't have identified points of infiltration or successful infiltration, who can say they are or are not the Op runner?

VitalyT said:

The funny thing is, when discoveries of this magnitude are made, you can't help thinking about the possible involvement of the company that found it, perhaps just screaming for public attention to boost their antivirus sales.

Much like all those conspiracy theories

1 person liked this | SNGX1275, TS Forces Special, said:

This business will get out of control. It will get out of control and we'll be lucky to live through it.

Guest said:

Since the scheme describing the operation is (C) Kaspersky Lab since 1997, it is obvious that Kaspersky is behind this, since 1997.

And no, Rocra is not a Russian word. Not Chinese either.

Ranger1st said:

Nuke China... just get it over with and let's move on.

Guest said:

Those damn Canucks!


treetops said:

In other news the file cabinet producing company cabco's stock prices jumped up 100 points!

Guest said:

@VitalyT:

Are you telling us your stereotype of Russian people or what? If it is discovered by American anti-virus, I am sure you wouldn't say that.

havok585 said:

Nuke China... just get it over with and let's move on.

Get back to sleep, u bad child.

1 person liked this | Guest said:

Early man finds rock and throws at another, then comes retaliation; Man discovers war.

Man creates castle, another creates catapult; Man continues war.

Man creates computer network, another creates malware; Man continues war

Seems to be a theme going on here...

Tygerstrike said:

More than likely it IS China. They have the drive and desire to become a world power once again. It stands to reason that China would be behind the attacks.

amstech, TechSpot Enthusiast, said:

During one of my 90 hour internships for my A.O.S. Degree in IT, I worked at a place called Jeffs Repair service in Webster, New York, and one of the issues that came up all the time was college students and nasty malware on their machines, mostly laptops. Many times we would just run the scan of every AntiVirus out there just to see how many it found. AVG, Avast, Norton, McAfee etc. etc. We tried them all, and time after time Kaspersky picked up and cleaned so much more than the others it was almost comical.

That was in 2006; since then it's been the Anti-Virus I recommend to people I like, and it looks like Kaspersky is still one of the very best Anti-Virus programs out there.

Camikazi said:

Its Canada and China behind all the attacks.

Has to be those Canadians, I knew you couldn't trust their over the top niceness, it was all a trick!!!

Guest said:

Why not UK? with help from romania.:)

PC nerd said:

I love how the UK isn't on there.

Maybe they know there's shit all worth stealing here?

Guest said:

And where the hell is Poland on this map ?!!!

Guest said:

Proof that the Canadian Government & Military are too pathetic to target. Thanks Harper, you even managed to fk that up, somehow. Gawd, you're pathetic!

Guest said:

I also think Romania did it!

Richard Wad said:

This business will get out of control. It will get out of control and we'll be lucky to live through it.

Perhaps it's time to consider a reverse mortgage from AEG?
