15 January 2013, 21:00

Kaspersky Lab uncovers Red October cyber-spying campaign

Kaspersky Lab uncovers Red October cyber-spying campaign

The Kaspersky Lab has discovered a cyber-spying campaign that targets governmental bodies, political groups and research institutions. Geographically the interests of the so-called Red October campaign spread from Switzerland and the US to Uganda and Pakistan.

This is the first time when a cyber-spying campaign of such a scale has been discovered, the lab’s expert Vitaly Kamlyuk said.

"In particular we have discovered more than 1,000 files that were created especially for certain organizations or goals. This requires a group of developers. We also have found more than 60 different domain names and servers located in Germany and Russia."

There is a Chinese trace in malware used by the spies but the main part of evidence proves that the spying campaign was developed in Russia. According to Vitaly Kamlyuk, there were many Russian “slips of the tongue” in internal correspondence between the cyber-spies. In particular, they used slang which is typical for Russian programmers.

The main question is – who was interested in the creation of such a spying campaign? Urvan Parfentyev, leading analyst of the regional public center of internet technologies doubts that there was a government behind the project. However, the Red October campaign does not look like a private initiative of advanced hackers either.

"It is most likely that the campaign was masterminded by a large organization that has enough recourses but does not have its own full-fledged intelligence service. We should not rule out that some of the data obtained via this campaign could be published on Julian Assange’s Wiki Leaks."

It is possible that some oil and gas companies and some public agencies could also be behind the campaign. Kaspersky Lab’s representative stressed that no direct connection was traced between the Red October and any government. At the same time he admitted that some public agencies could be among the campaign’s clients.

“At present there are companies that are developing tools and collecting data without permission from the owners of the information. It is likely that their clients are intelligence agencies and some public institutions”, he said.

Is there any guaranteed protection from cyber espionage? So far there is no decisive answer to this question. But the experts of the Kaspersky Lab notes that employees of the attacked organizations can often team up with the spies. By the way this was the case with the Red October campaign attacks. The virus got into the network after users opened an email received from an unknown sender.

    and share via