Kaspersky, best known for its popular anti-virus software has uncovered a huge on-going cyber-spying network, which has been targeting Government and organisations since 2007.

The operation named ‘Red October’ (Rocra) is a discovery that follows a five-year hunt by Kaspersky and other Cyber Emergency Response Teams and is believed to have steamed from a Russian speaking group.

Kaspersky Labs have spent months analysing the malware that has specifically targeted diplomatic, governmental and scientific research organisations across much of Eastern Europe, former USSR members and Central Asia, with some even in Eastern Europe and North America.

The campaign is still active and is continuing to send data from mobile devices, computers and networks to multiple command and control servers, through a complex configuration which rivals that of the Flame malware.

Information collected in these attacks helped to break into additional systems for further attacks.

"To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries, with the majority being in Germany and Russia."

The malware also includes features that sets itself apart from most other malware. Things such as the “Resurrection Module”. This has the ability to infect smartphones from both Apple and Microsoft. The module remains as a hidden plug-in inside Adobe Reader and Microsoft Office which can theoretically re-infect a machine even after removal.

"The main objective of the attackers was to gather sensitive documents from the compromised organisations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment."

Part one of the full paper published by Kaspersky can be read here, with part two, which goes into more detail about the modules, being published in the next few days.

Share this