A sophisticated cyber-espionage campaign has been successfully penetrating diplomatic, governmental and scientific research organizations across the globe for nearly five years, according to a new report.
Dubbed “Red October,” the malware was first discovered by security giant Kaspersky Lab in October 2012, after the lab’s researchers began investigating a series of cyber attacks against international diplomatic service agencies.
“During the past months, we’ve counted several hundreds of infections worldwide – all of them in top locations such as government networks and diplomatic institutions,” the researchers revealed last week in a report on the issue. “The infections we’ve identified are distributed mostly in Eastern Europe, but there are also reports coming from North America and Western European countries such as Switzerland or Luxembourg.”
According to the lab, Red October has been successfully stealing data from smartphones, removable disk drives, Microsoft Outlook email databases and local network FTP servers.
“Based on registration data of the [control-and-command] servers and numerous artifacts left in executables of the malware, we strongly believe that the attackers have Russian-speaking origins,” the researchers concluded, noting that the malware appeared to seek out classified software used by entities like the European Union and NATO.
But just as fast as news of the cyber-espionage campaign spread, Kaspersky Lab on Friday released an additional report to note that the attackers appeared to be closing up shop.
“It’s clear that the infrastructure is being shut down,” Kaspersky security specialist Costin Raiu said in a statement. “Not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers, but perhaps the attackers [are] shutting down the whole operation.”
While Raiu advised there may still be a number of servers involved that Kaspersky Lab has yet to uncover, for now, it seems the attackers behind Red October know they are being hunted.
____
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also creator of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.