Red October: the scary Soviet-sounding malware that spies on govt, diplomats

Over the past five years governments, diplomats and scientific researchers around the world have been the victim of a high-level cyber espionage campaign.

No, it’s not the plot of a trashy airport novel; it has actually been happening. According to security vendor Kaspersky Lab, the campaign targets specific organisations, mostly in Eastern Europe, the former Soviet republics and Central Asia, but also in Western Europe and North America.

The malware behind it reportedly gains initial access by exploiting known vulnerabilities in Microsoft Word and Excel: targets receive a malicious document as part of a tailored social-engineering lure (spear phishing) designed to trick them into opening it.

Kaspersky notes, however, that the malware isn’t restricted to traditional workstations. The company says it is also capable of stealing data from mobile devices, including iPhone, Nokia and Windows Mobile handsets; dumping the configuration of enterprise network equipment (Cisco); hijacking files from removable drives, including already deleted files recovered via a custom file-recovery routine; stealing e-mail databases from local Outlook storage or from remote POP/IMAP servers; and siphoning files from FTP servers on the local network.

In an interview with the New York Times, Kaspersky’s chief malware expert Vitaly Kamluk said that there are around 300 infected computers worldwide. The company’s analysis of the threat indicates that the people behind it are Russian-speaking, although it has so far been unable to pinpoint exactly where the attacks come from.

It also warns that it is “possible there are other targeted sectors which haven’t been discovered yet or have been attacked in the past”.
