
‘Red October’ cyber-attack campaign discovered

A high-profile cyber-attack campaign dubbed ‘Red October’ that has been in operation since 2007 has been discovered, internet security specialist Kaspersky Lab has confirmed.

Targeting sensitive information held by diplomatic, governmental and scientific research organisations worldwide, the cyber-attack campaign was discovered following an investigation launched by Kaspersky's malware experts in October 2012. The Red October threat, which can be traced back almost six years, also goes by the codename ‘Rocra’.

Designed to infiltrate encrypted files, the identified ‘Rocra’ malware has been found to gather classified documents that included geopolitical intelligence, access credentials for classified systems and data from personal devices and network equipment.

The malware is made up of several modules, each with a specific objective or purpose for stealing information from its targets. It is capable of stealing data from smartphones and from enterprise network equipment such as routers or switches, and of retrieving deleted files from USB sticks and external hard drives.

The attackers also used the malware to regain access to any infected machine whose user had discovered and removed the main malware body, by embedding a module as a plug-in within Adobe Reader and Microsoft Office installations.

The cyber-attackers, who created more than 60 domain names and multiple server hosting locations across the world, the majority based in Germany and Russia, infected their victims via targeted spear-phishing emails. Each email included a customised Trojan dropper that exploited security vulnerabilities in Microsoft Office and Excel in order to infiltrate the target.

Using its Kaspersky Security Network (KSN), a cloud-based security service that delivers advanced threat protection, Kaspersky detected the exploit code used by the attackers’ malware in 2011 and began the search for similar findings related to ‘Rocra’. The Lab’s research team also created a sinkhole server to monitor the infected machines that connected to it.

Kaspersky’s findings showed that several hundred unique systems had been infected, including multiple embassies, government networks and organisations located primarily in Eastern Europe, as well as North America, and Western European countries such as Switzerland and Luxembourg.

Through various artefacts left in the executables of the malware, Kaspersky says there is strong technical evidence to suggest the attackers have Russian-speaking origins, and are producing malware with executables that were unknown and unidentified prior to the ‘Red October’ campaign.

Offering reassurances to consumers troubled by the potential Red October threat, a Kaspersky spokesperson stated: “The Rocra malware is successfully detected, blocked and remediated by Kaspersky Lab’s products, classified as Backdoor.Win32.Sputnik.”

Do you protect all of your personal devices such as laptops, smartphones and tablets from malware threats, or do you see security software as an unnecessary expense? Let us know via the Trusted Reviews Twitter and Facebook feeds or through the comment boxes below.
