Massive Cyber-Espionage Network Targets Valuable Data: Kaspersky
A five-year operation has focused on stealing diplomatic, industrial and scientific data from organizations based mainly in Eastern Europe and Asia, says Kaspersky Lab.A five-year operation that has links to both the Chinese and Russians has focused on stealing diplomatic, industrial and scientific data from organizations based mainly in Eastern Europe and Asia, security firm Kaspersky Lab said in a report published Jan. 14. The operation—dubbed Red October, or Rocra, for short—used more than 60 secondary command-and-control servers in Germany, Russia and other countries to hide the location of the attackers. The series of attacks, which appear to have started in 2007, could be an intelligence-gathering operation launched by some nation or a cyber-criminal campaign aimed at stealing valuable data. Unlike previous attacks, which appeared to be launched by Western nations or as retribution by Iran, the latest campaign appears to have a different set of characteristics, Kaspersky wrote in its analysis. "The information we have collected so far does not appear to point toward any specific location; however, two important factors stand out: The exploits appear to have been created by Chinese hackers, (and) the Rocra malware modules have been created by Russian-speaking operatives," the company stated. The attacks have focused on organizations in the Russian Federation, Kazakhstan, Azerbaijan, Belgium, India, Afghanistan, Armenia and other nations. Kaspersky identified 10 or more victims in each of those countries.
Over the past five years, the operation has collected sensitive information from hundreds of victims, stated the company, which first discovered signs of the campaign in October 2012, when a partner asked Kaspersky to analyze an attack. In total, the security firm has identified more than 1,000 different modules, each of which performed specific activities—sometimes tailored—on the victim's system.