Diplomatic and government agencies targeted in years-long cyberespionage operation
The attackers used custom malware to target organizations from 39 countries, Kaspersky Lab says
IDG News Service - Unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world as part of a newly uncovered cyberespionage campaign that started nearly six years ago. The operation involved the use of highly customized and sophisticated data theft malware, researchers from antivirus firm Kaspersky Lab said Monday.
Kaspersky researchers started investigating the ongoing operation, which they dubbed "Red October," in October 2012. However, based on timestamps found in associated malicious files and registration dates for some of the command-and-control domain names, the attack campaign might have started in May 2007, they said Monday in a blog post.
The targeted organizations include embassies, government agencies, military facilities, nuclear and aerospace research institutions, oil and gas companies and other high-profile institutions. Several hundred systems have been infected within the targeted organizations, said Costin Raiu, director of Kaspersky Lab's global research and analysis team.
Many of the affected organizations are located in former USSR states such as Russia, Ukraine, Belarus, Kazakhstan, Armenia and Azerbaijan. However, victims have also been identified in the United States, Brazil, India, Belgium, Switzerland, Germany and other countries, with some specific exceptions such as China, Raiu said.
In total, affected organizations have been identified in 39 countries, according to a detailed analysis of the operation published Monday by Kaspersky Lab.
"We believe that the main goal of this operation is to obtain classified information which can be used for geopolitical gains," Raiu said. There's no proof that this cyberespionage operation is sponsored by a nation state, but the high-profile data stolen from the victims can of course be used by nation states to their advantage. One possibility is that this information is stolen with the intent of being sold to the highest bidder, he said.
The spear-phishing attacks -- targeted email attacks -- associated with this cyberespionage operation distribute malicious documents that exploit known vulnerabilities in Microsoft Excel or Word to install a custom piece of malware on computers. It appears that the same exploits were previously used in targeted attacks against Tibetan activists, as well as military and energy sector targets in Asia.
The exploits used in the Red October operation appear to have been created on computers that use Simplified Chinese character encoding, Raiu said. However, there's strong reason to believe that the distributed malware was created by Russian-speaking developers, he said.
It is unclear why the Red October attackers are reusing the Chinese exploits instead of creating their own, but one possibility is that they are attempting to trick investigators into believing that the attacks are associated with other campaigns, Raiu said.
- SBIC: Transforming Information Security This report combines perspectives on technologies with experience in strategy to help security teams navigate complex decisions regarding technology deployments while maximizing investments.
- Is Your Credit Card Data Safe from Hacks? News of recent credit card hacks has rocked consumer confidence. Even talk of a security breach can bring on a PR firestorm. What...
- Protecting Your Mid-Size Business from Today's Security Threats Think you're too small to get hacked? Think again.
- CSO QuickPulse IT Security: Midsize Businesses Face Enterprise This survey finds that midsize firms lack understanding of vulnerabilities, and need comprehensive security tools.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed in recent years, and it continues to escalate. All Cybercrime and Hacking White Papers | Webcasts
Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.