Home page logo
/

isn logo Information Security News mailing list archives

Operation Red October Attackers Wielded Spear Phishing
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 Jan 2013 00:20:09 -0600 (CST)

http://www.informationweek.com/security/attacks/operation-red-october-attackers-wielded/240146621

By Mathew J. Schwartz
InformationWeek
January 18, 2013

The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012.

"The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America," according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices.

The Red October attacks began in 2007, and remained active at least through Sunday, which was the day before Kaspersky Lab first publicly detailed its research into the espionage operation.

In a more detailed technical analysis published Thursday that stretches 140 pages, Kaspersky Lab provided additional information about the operators' attack techniques, including the malware family used in the attacks, which it's dubbed Sputnik, and which was used to infect just hundreds of systems. "According to our knowledge, never before in the history of [information security] has [a] cyber-espionage operation been analyzed in such deep detail, with a focus on the modules used for attack and data exfiltration," said Kaspersky Lab.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Operation Red October Attackers Wielded Spear Phishing InfoSec News (Jan 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault