‘Red October’ is global espionage malware that targeted governments around the world (USA, Iran, Russia, etc.) for 5 years… without being detected

redoctober

Researchers from antivirus firm Kaspersky Lab have discovered something that sounds like it came straight out of a spy movie. A massive, on-going espionage network targeting hundreds of governmental, diplomatic and scientific organizations in at least 39 countries. Before you start pointing fingers at who might be responsible this time around, the United States, Iran, and the Russian Federation are all targets of the attack.

Kaspersky Lab researchers have dubbed it Operation Red October, and it’s been active since 2007. Because it has gone undiscovered for 5 years now, there’s a big possibility that hundreds of terabytes of sensitive information has already been stolen. Attack profiles are customized for each victim by over a 1,000 distinct modules. It’s also capable of attacking a wide variety of devices such as PCs, networking equipment from Cisco Systems and even smartphones from Apple, Microsoft, and Nokia. Some of these modules target files that are encrypted using a system called Cryptofiler, a standard that is now less common by still used by Nato for protecting privacy and information that could be valuable to hackers. The targeting of these files suggest that the hackers might have already cracked its encryption methods.

The command-and-control network that it uses rivals that of the Flame espionage malware that was used to attack Iran. That same infrastructure also uses more than 60 domain names as proxies to obscure the final destination of the stolen data. Researchers believe that these domains funnel data to another tier of proxies, which in turn send information to a “mothership.” The Red October malware has been on more than 300 PCs for the last 5 years and yet remained undetected. Kurt Baumgartner of Kaspersky Labs had this to say about the malware:

“This is a pretty glaring example of a multiyear cyber espionage campaign. “We haven’t seen these sorts of modules being distributed, so the customized approach to attacking individual victims is something we haven’t seen before at this level.”

“It’s been a very-well-maintained and set-up infrastructure that’s supported with multiple levels of proxies in order to hide away the mothership.¬†They’ve been very effective at cycling through these domains and staying under the radar for the past five years.”

Despite the scale of the attacks, not much is known about the individuals or groups behind Operation Red October. The code was littered with broken, Russian-influenced English but many of the exploits that were used were initially developed by Chinese hackers. The long list of victims also helps clouds the identity of the hackers. So despite the “evidence” that they might currently have, Professor Alan Woodward from the University of Surrey says that they can’t be too sure just yet.

“In the sneaky old world of espionage, it could be a false flag exercise. You can’t take those things at face value,” said Woodward.

Baumgartner adds:

“There’s not enough evidence to link it to a nation-state, but certainly this level of interest and multi-year, ongoing campaign puts it up there with something like Flame and Duqu in the amount of effort it takes to seek out those targets and infiltrate the networks.”

…Any guesses as to who is behind this? If I were to guess, I’d say the big fat country in Asia that shows no red on the map shown above. But that is just a guess — it could very well be Canada.

[via Kaspersky, Ars Technica, BBC News]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

10 comments

  1. 2g iphone repair Parts

    whoah this weblog is wonderful i really like studying your posts.
    Keep up the good work! You already know, many people are looking around for this information,
    you could aid them greatly.

  2. sl0j0n

    Hello, all.
    @ “Shawn”:
    Governments everywhere are *ALWAYS* the worst enemies of their own people;
    just look at America.
    As for Canada being ignored, maybe they just didn’t check the *right* computers.
    After all, its “undiscovered” for 5 yrs, & “attacking individual victims”, which would hide it, in itself.
    No, all in all, its like China’s “patent office” exploit.
    You may not recall, but the *great* Al Gore was caught w/ 100′s of 1000s of $ [US], supposedly “donated” by the Chinese Buddhists.
    You know, the ones that take a vow of poverty?
    Anyway, after that, China started making just *everything*.

    Have a GREAT day, neighbor!

  3. Shawn

    Canada … nah we’re useless and seriously who would want to spy on our prime minister Harper… I’d prefer to watch paint dry….

    We sell our resources to buy back our same crap more expensively…

    Wish it still was igloos at least they we’re well built… theses days your lucky if something lasts a year.

    But how ironic with that map to see that we are totaly ignored.