Diplomatic and government agencies targeted in years-long cyberespionage operation
The attackers used custom malware to target organizations from 39 countries, Kaspersky Lab says
IDG News Service - Unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world as part of a newly uncovered cyberespionage campaign that started nearly six years ago. The operation involved the use of highly customized and sophisticated data theft malware, researchers from antivirus firm Kaspersky Lab said Monday.
Kaspersky researchers started investigating the ongoing operation, which they dubbed "Red October," in October 2012. However, based on timestamps found in associated malicious files and registration dates for some of the command-and-control domain names, the attack campaign might have started in May 2007, they said Monday in a blog post.
The targeted organizations include embassies, government agencies, military facilities, nuclear and aerospace research institutions, oil and gas companies and other high-profile institutions. Several hundred systems have been infected within the targeted organizations, said Costin Raiu, director of Kaspersky Lab's global research and analysis team.
Many of the affected organizations are located in former USSR states such as Russia, Ukraine, Belarus, Kazakhstan, Armenia and Azerbaijan. However, victims have also been identified in the United States, Brazil, India, Belgium, Switzerland, Germany and other countries, with some specific exceptions such as China, Raiu said.
In total, affected organizations have been identified in 39 countries, according to a detailed analysis of the operation published Monday by Kaspersky Lab.
"We believe that the main goal of this operation is to obtain classified information which can be used for geopolitical gains," Raiu said. There's no proof that this cyberespionage operation is sponsored by a nation state, but the high-profile data stolen from the victims can of course be used by nation states to their advantage. One possibility is that this information is stolen with the intent of being sold to the highest bidder, he said.
The spear-phishing attacks -- targeted email attacks -- associated with this cyberespionage operation distribute malicious documents that exploit known vulnerabilities in Microsoft Excel or Word to install a custom piece of malware on computers. It appears that the same exploits were previously used in targeted attacks against Tibetan activists, as well as military and energy sector targets in Asia.
The exploits used in the Red October operation appear to have been created on computers that use Simplified Chinese character encoding, Raiu said. However, there's strong reason to believe that the distributed malware was created by Russian-speaking developers, he said.
It is unclear why the Red October attackers are reusing the Chinese exploits instead of creating their own, but one possibility is that they are attempting to trick investigators into believing that the attacks are associated with other campaigns, Raiu said.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization WAN optimization has evolved into a complete system that optimizes traffic across a broad range of most popular applications while providing deep visibility...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Online Video and Web Traffic: Sochi 2014 Winter Olympic Games Over 25 leading global broadcasters worked with Akamai to deliver the action, excitement and inspiration of Sochi because they understand online viewers expect... All Networking White Papers | Webcasts