Kaspersky Labs has just uncovered a sophisticated piece of malware that appears to be targeting world leaders, scientific institutions and governments worldwide. Red October has been targeting countries in Eastern Europe and, to a lesser extent, Western Europe and North America. What is alarming is that it has been operating behind the scenes for five years now.
So what does Red October, or Rocra, do? This malware can gather data from a victim’s computer, smartphone or network. Login credentials can easily be stolen, and these are then used to access further sensitive information. It can steal network configurations, scan through email databases and even copy files from USB thumb drives, including files that have been deleted.
Kaspersky Labs said that this malware has a unique architecture not seen in any other cyber-espionage attacks. Some of its features include:
- an advanced cryptographic spy module designed to lift data from Acid Cryptofiler, which is used by NATO, the European Union, the European Parliament and the European Commission
- the capability to steal data from smartphones, including Android handsets, iPhones and Windows Phone devices, as well as Nokia, Sony Ericsson and HTC models.
Red October was discovered when Kaspersky began investigating attacks on diplomatic service agencies. The company’s experts concluded that the malware has been in operation since 2007 at the very least. They also said that this isn’t the work of any government but of freelancers, although it looks professionally done.
The individuals responsible for this have created 60 domain names as well as several server hosting locations, mostly based in Germany and Russia. These worked as proxies that further cloaked the real location of the primary control server.
We now know what this malware can do, but do we really know who is behind it? According to Kaspersky, it looks Chinese in origin, but Russian slang embedded in the code suggests the operator is Russian. Or this could be an elaborate scheme to mask who is really behind it.