Kaspersky uncovers five-year cyber espionage campaign, Red October

Matthew DeCarlo


Kaspersky has uncovered an advanced cyber espionage network that rivals the sophistication of last year's infamous Flame malware but is perhaps more devious, as each attack is handcrafted for its victim to help ensure its success. Referred to as Operation Red October (abbreviated as "Rocra"), the campaign has been ongoing since at least May 2007 and carefully targets victims in over two dozen countries who hold positions in government, military, aerospace, research, trade and commerce, nuclear, oil and other such industries.


Investigators aren't sure who's behind the attacks. The exploits appear to have been built by Chinese hackers, while the malware modules deployed seem to have been written by Russian speakers. Kaspersky can't pin down the source because the operation is run through at least two layers of proxy servers across Russia, Germany and Austria, so the location of the primary command and control server (dubbed the "mothership" C&C) remains unknown.


Whoever they are, the operators clearly know what they're doing if they've been lurking undetected on the systems of major governments and industries around the globe for half a decade. During that time they used at least two different exploits in Microsoft Word and one in Excel, delivered as booby-trapped documents in spear-phishing emails. After compromising a system, the attackers harvested whatever sensitive data they could through a series of persistent and one-time tasks, drawing on more than a thousand modules (malicious files).
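The spear-phishing vector described above suggests one check a mail gateway or incident responder can apply without knowing the specific exploits. What follows is an added example, not code from the article or from Kaspersky's analysis: a Python attachment triage that identifies the container from its file signature rather than its extension, and looks for an embedded PE image either in the raw bytes of a legacy Office file or hex-encoded inside an RTF object. The file names, the sample attachments and the minimal PE header skeleton are constructed for the demonstration.

```python
"""
Attachment triage for the infection vector described above: spear-phishing
e-mails carrying Word/Excel documents with an executable payload.

Added example, not code from the article or from Kaspersky's report. The
container signatures and the PE header layout are standard; the sample
attachments in SAMPLES are constructed for the demonstration.
"""
import re
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls (Compound File Binary)
ZIP_MAGIC = b"PK\x03\x04"                          # .docx/.xlsx (OOXML is a zip)
RTF_MAGIC = b"{\\rtf"
HEX_RUN = re.compile(rb"[0-9a-fA-F\s]{16,}")       # hex text as written after \objdata

# What the extension promises; a mismatch is a classic lure (RTF or EXE named .doc).
EXPECTED = {"doc": "ole", "xls": "ole", "docx": "ooxml", "xlsx": "ooxml", "rtf": "rtf"}


def container_type(data: bytes) -> str:
    """Identify the container from its signature, never from the file name."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(b"MZ"):
        return "pe"
    return "unknown"


def find_pe_offsets(data: bytes) -> list[int]:
    """Offsets of every embedded PE image: an 'MZ' stub whose e_lfanew field
    (offset 0x3c) points at a valid 'PE\\0\\0' signature. Checking the
    signature avoids false hits on the two bytes 'MZ' in ordinary text."""
    hits, start = [], 0
    while (i := data.find(b"MZ", start)) != -1:
        start = i + 1
        if i + 0x40 > len(data):
            break
        e_lfanew = struct.unpack_from("<I", data, i + 0x3c)[0]
        if 0x40 <= e_lfanew <= 0x1000 and data[i + e_lfanew:i + e_lfanew + 4] == b"PE\x00\x00":
            hits.append(i)
    return hits


def rtf_object_payloads(data: bytes) -> list[bytes]:
    """RTF stores embedded OLE objects as hex text after \\objdata, so a raw
    byte scan misses them; decode each run back to bytes first."""
    payloads = []
    for m in re.finditer(rb"\\objdata\s*", data):
        run = HEX_RUN.match(data, m.end())
        if run:
            hexstr = re.sub(rb"\s+", b"", run.group(0))
            payloads.append(bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii")))
    return payloads


def triage(filename: str, data: bytes) -> list[str]:
    """Return human-readable findings for one attachment (empty list = nothing flagged)."""
    findings = []
    kind = container_type(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in EXPECTED and EXPECTED[ext] != kind:
        findings.append(f"extension .{ext} but content is {kind}")
    if kind == "pe":
        findings.append("attachment is an executable")
    if find_pe_offsets(data):
        findings.append("embedded PE in raw bytes")
    if any(find_pe_offsets(blob) for blob in rtf_object_payloads(data)):
        findings.append("embedded PE inside RTF \\objdata object")
    return findings


def _fake_pe() -> bytes:
    """Minimal MZ/PE header skeleton (constructed; not a runnable program)."""
    hdr = bytearray(0x100)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3c, 0x80)      # e_lfanew -> PE signature at 0x80
    hdr[0x80:0x84] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed sample attachments: one benign, two carrying a payload.
SAMPLES = {
    "quarterly_report.doc": OLE_MAGIC + b"\x00" * 504 + b"plain document text",
    "agenda.doc": b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + _fake_pe().hex().encode() + b"}}}",
    "invoice.xls": OLE_MAGIC + b"\x00" * 64 + _fake_pe() + b"\x00" * 32,
}


def triage_samples() -> dict[str, list[str]]:
    """Run triage over every constructed sample; keyed by file name."""
    return {name: triage(name, blob) for name, blob in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in triage_samples().items():
        print(f"{name}: {findings or 'no findings'}")
```

The script deliberately does not try to recognise the particular Word and Excel exploits, which the article does not name; the point is that a file that lies about its format, or that carries an executable, is worth quarantining before any exploit-specific signature is consulted. OOXML attachments (.docx/.xlsx) would additionally need unzipping so that embedded oleObject parts can be inspected the same way.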


Some examples of the tasks include copying information from USB drives (including recovering deleted files), recording keystrokes, taking screenshots, retrieving email from Outlook and mail servers, collecting browsing history and saved passwords, scanning the network for further victims, and so on. Besides being in the dark about who's pulling the strings, Kaspersky isn't sure what they're doing with all this information, beyond possibly selling it on the black market. The company says there's no evidence that the campaign is state sponsored.


 
Considering China is one of the only larger countries without any known infections, it's not surprising that the attacks could be from China.
 
Anyone understand how Operation Red October becomes "Rocra"?

Unless it's from the Russian words...
 
If you were running this Op, and knew sooner or later it would be detected and traces or attempts to trace back the data/info to its collection points, not necessarily the Mother-ship Owner/Creator, wouldn't you integrate additional layers of OpSec? Collect data from unimportant targets, low, mid and high value targets, countries in which there are actual targets, countries that are false targets, and so on across the range of variables, industry types, geopolitical leanings, etc. Because China, Canada, Mexico, Norway, etc., don't have identified points of infiltration or successful infiltration, who can say they are or are not the Op runner?
 
The funny thing, when discoveries of this magnitude are made, you can't help thinking about the possible involvement of the company that found it, perhaps just screaming for public attention to boost their antivirus sales :)

Much like all those conspiracy theories :)
 
Since the scheme describing the operation is (C) Kaspersky Lab since 1997, it is obvious that Kaspersky is behind this, since 1997.

And no, Rocra is not a Russian word. Not Chinese either.
 
Those damn Canucks!

 
@VitalyT:
Are you telling us your stereotype of Russian people or what? If it is discovered by American anti-virus, I am sure you wouldn't say that.
 
Early man finds rock and throws at another, then comes retaliation; Man discovers war.
Man creates castle, another creates catapult; Man continues war.
Man creates computer network, another creates malware; Man continues war.
Seems to be a theme going on here...
 
More than likely it IS China. They have the drive and desire to become a world power once again. It stands to reason that China would be behind the attacks.
 
During one of my 90 hour internships for my A.O.S. Degree in IT, I worked at a place called Jeffs Repair Service in Webster, New York, and one of the issues that came up all the time was college students and nasty malware on their machines, mostly laptops. Many times we would just run the scan of every AntiVirus out there just to see how many it found. AVG, Avast, Norton, McAfee etc. etc., we tried them all, and time after time Kaspersky picked up and cleaned so much more than the others it was almost comical.
That was in 2006; since then it's been the Anti-Virus I recommend to people I like, and it looks like Kaspersky is still one of the very best Anti-Virus programs out there.
 
Proof that the Canadian Government & Military are too pathetic to target. Thanks Harper, you even managed to fk that up, somehow. Gawd, you're pathetic!
 