Information Security News
mailing list archives
Operation Red October Attackers Wielded Spear Phishing
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 Jan 2013 00:20:09 -0600 (CST)
By Mathew J. Schwartz
January 18, 2013
The Red October malware network is one of the most advanced online espionage
operations that's ever been discovered. That's the conclusion of Moscow-based
security firm Kaspersky Lab, which first discovered Operation Red
October--"Rocra" for short--in October 2012.

"The primary focus of this campaign targets countries in Eastern Europe, former
USSR republics, and countries in Central Asia, although victims can be found
everywhere, including Western Europe and North America," according to research
published by the security firm. The attackers, who appear to speak Russian but
to have also used some Chinese-made software, seem to have focused their
efforts on stealing diplomatic and government information, as well as
scientific research, from not just PCs and servers but also mobile devices.

The Red October attacks began in 2007, and remained active at least through
Sunday, which was the day before Kaspersky Lab first publicly detailed its
research into the espionage operation.

In a more detailed technical analysis published Thursday that stretches 140
pages, Kaspersky Lab provided additional information about the operators'
attack techniques, including the malware family used in the attacks, which it's
dubbed Sputnik, and which was used to infect just hundreds of systems.

"According to our knowledge, never before in the history of [information
security] has [a] cyber-espionage operation been analyzed in such deep detail,
with a focus on the modules used for attack and data exfiltration," said