A sophisticated cyber-espionage network targeting the world’s diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia’s Kaspersky Lab.
The system’s targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.
“The majority of infections are actually from the embassies of ex-USSR country members located in various regions such as Western Europe and even in North America – in the US we have few infections as well. But most infections are concentrated around Russia,” Vitaly Kamluk, chief malware expert at Kaspersky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Belgium and Switzerland.
In addition to attacking traditional computer workstations, ‘Rocra’ – an abridgment of ‘Red October,’ the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including ones that have been erased.
Unlike other well-known and highly automated cyber-espionage campaigns, such as ‘Flame’ and ‘Gauss,’ Rocra’s attacks all appear to be carefully chosen. Each operation is apparently tailored to the configuration of the victim’s hardware and software, native language and even document usage habits.
The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.
The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the ‘mothership’ control server.
That malicious server’s location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories. While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks. These included retrieving information about a phone – its contact list, call history, calendar, SMS messages and even browsing history – as soon as an iPhone or a Nokia phone was connected to the infected system.
The hackers’ primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.
No details have been given yet as to the attackers’ identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origin, as Russian words, including slang, have been used in the source code comments. Many of the known attacks have taken place in Russian-speaking countries.
“It is bound to Russian language. We are currently uncertain which country is responsible for creating these malicious applications, but we are most certain the developers picked the Russian language. It is visible from the text links we extracted from the application. Some of them point to Russian origin. For example, one word used inside of the malware is ‘zakladka.’ In Russian it means a bookmark, or undeclared functionality, it can refer to a backdoor functionality in some legitimate software. So that’s why we believe this work was used by Russian-speaking developers,” Kamluk told RT.
The hackers designed their own original and complex piece of software, with a unique modular architecture of malicious extensions, info-stealing modules and backdoor Trojans. The malware includes several extensions and malicious files designed to quickly adjust to different system configurations while remaining able to grab information from infected machines.
These include a ‘resurrection’ module, which allowed hackers to regain access to infected machines using alternative communication channels, and a cryptographic spy module that steals information from encryption systems such as Acid Cryptofiler, which has reportedly been used since 2011 by organizations such as NATO, the European Parliament and the European Commission.
The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, Kaspersky Lab reported. The firm worked with a number of international organizations while conducting the investigation, including Computer Emergency Readiness Teams from the US, Romania and Belarus.
The EU is attempting to counter the huge rise in cyber-espionage by launching the European Cybercrime Center, which opened on Friday.