Red October

Article by Liam Tung

Image credit: Kaspersky

Security researchers have outed a malware espionage network believed to have been collecting documents from hundreds of high profile victims at government agencies, embassies and research organisations since 2007.

Researchers at Russian security vendor Kaspersky Lab have dubbed the espionage network “Red October”, a still-active operation it says has targeted governments of 39 countries and appears to be aimed at gathering classified information and geopolitical intelligence.

It cannot confirm whether the network is run by a government or state-sponsored operation, but said the configuration of its network of command and control servers rivalled the complexity of infrastructure used in the Flame espionage attacks — malware that contained a highly prized exploit that only “elite” hackers could have created, experts said at the time.

Australia was among the list of nations where Kaspersky had detected an infection at an unknown organisation, however most were concentrated at agencies and embassies around Eastern Europe, the former USSR, and Central Asia. Kaspersky notes there were also infections in Western Europe and North America.

Kaspersky had not seen any infections in China and North Korea, however it did not find any in the UK, Germany, or nations from South East Asia and, except Finland, Scandinavia.

Red October, which was more of a “framework” than a single piece of malware, according to Kaspersky, uses exploits created by Chinese hackers. The add-on malware modules that do the leg work, such as information gathering, were most likely created by Russian-speaking hackers, it said.

For the complete article visit: