
’Red October’: Global cyber-spy network uncovered by Russian expert

A sophisticated cyber-espionage network targeting the world’s diplomatic, government and research agencies, as well as gas and oil industries, has been uncovered by experts at Russia’s Kaspersky Lab.
The system’s targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia – although many in Western Europe and North America are also on the list.
“The majority of infections are actually from the embassies of ex-USSR country members located in various regions such as Western Europe and even in North America – in the US we have few infections as well. But most infections are concentrated around Russia,” Vitaly Kamluk, chief malware expert at Kaspersky Lab, told RT, adding that in Europe, the hardest-hit countries are apparently Belgium and Switzerland.
In addition to attacking traditional computer workstations, ‘Rocra’ – an abridgment of ‘Red October,’ the name the Kaspersky team gave the network – can steal data from smartphones, dump network equipment configurations, scan through email databases and local network FTP servers, and snatch files from removable disk drives, including ones that have been erased.
Unlike other well-known and highly automated cyber-espionage campaigns, such as ‘Flame’ and ‘Gauss,’ Rocra’s attacks all appear to be carefully chosen. Each operation is apparently driven by the configuration of the victim’s hardware and software, native language and even document usage habits.
The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.
The hackers behind the network have created more than 60 domain names and several server hosting locations in different countries – the majority of those known being in Germany and Russia – which worked as proxies in order to hide the location of the ‘mothership’ control server.
That malicious server’s location remains unknown, but experts have uncovered over 1,000 modules belonging to 34 different module categories. While Rocra seems to have been designed to execute one-time tasks sent by the hackers’ servers, a number of modules were constantly present in the system executing persistent tasks. This included retrieving information about a phone, its contact list, call history, calendar, SMS messages and even browsing history as soon as an iPhone or a Nokia phone is connected to the system.
The hackers’ primary objective is to gather information and documents that could compromise the security of governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers also attacked energy and nuclear groups, and trade and aerospace targets.
No details have been given yet as to the attackers’ identity. However, there is strong technical evidence to indicate that the attackers are of Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries.