‘Red October’: Global cyber-spy network uncovered by Russian experts

Published: 15 January, 2013, 05:56

A sophisticated cyber-espionage network targeting the world's diplomatic, government and research agencies has been uncovered by Kaspersky Lab, whose experts say the malware's complexity could rival that of the notorious Flame virus.

The system's targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.

In addition to attacking traditional computer workstations, Rocra – a shortened name for Red October, the name given the network by the Kaspersky team – can steal data from smartphones, dump network equipment configurations, snatch files from removable disk drives, including those that had been erased, and scan through email databases and local network FTP servers.  

Unlike other well-known, highly automated cyber-espionage campaigns such as Flame and Gauss, Rocra's attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim’s hardware and software, native language and even habits of document usage.

The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.

The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the “mothership” control server.

That server's location remains unknown.

Experts have uncovered over 1,000 modules belonging to 30 different module categories. While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks, for example retrieving information about a phone, its contact list, call history, calendar, SMS messages and even browsing history as soon as an iPhone or a Nokia phone is connected to the system.

The hackers' primary objective is to gather information and documents that compromised governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups and trade and aerospace targets.

No details have been given so far as to who the attackers could be. However, there is strong technical evidence to indicate that the attackers have Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries.
