'Red October': Global cyber-spy network uncovered by Russian experts
2013-01-15 0:00

From: RT.com

A sophisticated cyber-espionage network targeting the world's diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia's Kaspersky Lab.

The system's targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.

"The majority of infections are actually from the embassies of ex-USSR member countries located in various regions such as Western Europe and even in North America – in the US we have a few infections as well. But most infections are concentrated around Russia," Vitaly Kamluk, chief malware expert at Kaspersky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Belgium and Switzerland.

In addition to attacking traditional computer workstations, 'Rocra' – an abridgment of 'Red October,' the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including files that have already been deleted.

Unlike other well-known and highly automated cyber-espionage campaigns, such as 'Flame' and 'Gauss,' Rocra's attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim's hardware and software, native language and even document usage habits.

The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were compiled into a list for later use when the attackers needed to guess passwords or passphrases.

The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the 'mothership' control server.

That malicious server's location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories. While Rocra seems to have been designed mainly to execute one-time tasks sent by the hackers' servers, a number of modules were constantly present in the system executing persistent tasks. These included retrieving information about a phone – its contact list, call history, calendar, SMS messages and even browsing history – as soon as an iPhone or a Nokia phone was connected to the infected system.

The hackers' primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.

No details have been given yet as to the attackers' identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origin, as Russian words, including slang, have been used in the source code comments. Many of the known attacks have taken place in Russian-speaking countries.

"It is bound to the Russian language. We are currently uncertain which country is responsible for creating these malicious applications, but we are most certain the developers picked the Russian language. It is visible from the text links we extracted from the application. Some of them point to Russian origin. For example, the word used inside the malware is 'zakladka.' In Russian it means a bookmark, or, in undeclared functionality, it can refer to backdoor functionality in some legitimate software. So that's why we believe this word was used by Russian-speaking developers," Kamluk told RT.

The hackers designed their own original and complex piece of software, with a unique modular architecture of malicious extensions, info-stealing modules and backdoor Trojans. The malware includes several extensions and malicious files designed to adjust quickly to different system configurations while remaining able to grab information from infected machines.

These included a 'resurrection' module, which allowed the hackers to regain access to infected machines using alternative communications channels, and an encryption-aware spy module that steals information from cryptographic systems such as Acid Cryptofiler, which has reportedly been used since 2011 by organizations such as NATO, the European Parliament and the European Commission.

The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, Kaspersky Lab reported. The firm worked with a number of international organizations while conducting the investigation, including Computer Emergency Readiness Teams from the US, Romania and Belarus.

The EU is attempting to counter the huge rise in cyber-espionage by launching the European Cybercrime Center, which opened on Friday.
