Kaspersky published a new report today stating that an elusive cyber espionage campaign named Operation “Red October” has been targeting government, diplomatic and scientific research organizations for the last 5 years.
The main objective of the attackers was to gain access to sensitive data from compromised organizations, so the developers created malware that steals data and geopolitical intelligence from the victim’s computer, mobile phone and network.
The primary targets are countries in Eastern Europe and Central Asia and the former USSR and its republics, but victims have been found everywhere, including Western Europe and North America.
The study was initiated in October 2012 by Kaspersky Lab’s experts after a series of attacks on the computer networks of international diplomatic service agencies. The cyber espionage network was revealed and analyzed during the investigation. Operation Red October, or Rocra, is still active, and its campaigns using malware and backdoor Trojans date back to 2007.
Over 60 domain names were created to control infected machines in networks in several countries. Information taken from infected networks is used as a way to gain access to additional systems. Kaspersky Lab’s analysis has also shown that a chain of servers was being used to hide the location of the main control server.
Information stolen from infected systems includes documents with the following extensions: txt, csv, eml, doc, vsd, sxw, odt, docx, rtf, pdf, mdb, xls, wab, rst, xps, iau, cif, key, crt, cer, hse, pgp, gpg, xia, xiu, xis, xio, xig, acidcsa, acidsca, aciddsk, acidpvr, acidppr, acidssa. In particular, the “acid*” extensions appear to refer to the classified software “Acid Cryptofiler”, which is used by several entities, from the European Union to NATO.
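The extension list above is the kind of indicator a defender can turn directly into a hunting rule. The following is an added example, not code from Kaspersky’s report: it reads file-access events in a constructed, hypothetical log format (`timestamp host user action path`), flags any read, copy or upload of a file whose extension is on the Red October list, and ranks the “acid*” extensions tied to Acid Cryptofiler as high priority. The log format, the sample events and the priority levels are assumptions for illustration.

```python
import re
from collections import Counter

# Extensions the Red October report lists as harvested from victims.
ROCRA_EXTENSIONS = {
    "txt", "csv", "eml", "doc", "vsd", "sxw", "odt", "docx", "rtf", "pdf", "mdb",
    "xls", "wab", "rst", "xps", "iau", "cif", "key", "crt", "cer", "hse", "pgp",
    "gpg", "xia", "xiu", "xis", "xio", "xig",
    "acidcsa", "acidsca", "aciddsk", "acidpvr", "acidppr", "acidssa",
}

# Subset the report associates with Acid Cryptofiler; ranked "high" here (our choice).
ACID_EXTENSIONS = {e for e in ROCRA_EXTENSIONS if e.startswith("acid")}

# Hypothetical log format (constructed for this example): "<ts> <host> <user> <action> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<action>\S+)\s+(?P<path>.+)$"
)


def extension_of(path):
    """Return the lower-cased extension of a Windows or POSIX path ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[-1].lower()


def classify(path):
    """Map a path to a priority level, or None if its extension is not on the list."""
    ext = extension_of(path)
    if ext in ACID_EXTENSIONS:
        return "high"
    if ext in ROCRA_EXTENSIONS:
        return "medium"
    return None


def triage(log_lines, watched_actions=("read", "copy", "upload")):
    """Return one hit per watched file action whose path matches the extension list."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skipped, not trusted
        if m["action"].lower() not in watched_actions:
            continue
        level = classify(m["path"])
        if level:
            hits.append({
                "ts": m["ts"], "host": m["host"], "user": m["user"],
                "action": m["action"].lower(), "path": m["path"], "level": level,
            })
    return hits


def summarize(hits):
    """Aggregate hits by priority level and by user for an analyst's first look."""
    return {
        "high": sum(1 for h in hits if h["level"] == "high"),
        "medium": sum(1 for h in hits if h["level"] == "medium"),
        "by_user": Counter(h["user"] for h in hits),
    }


# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    "2013-01-14T09:12:03Z ws-17 jdoe read C:\\Users\\jdoe\\Documents\\budget.xls",
    "2013-01-14T09:12:09Z ws-17 jdoe copy C:\\Users\\jdoe\\Documents\\memo.acidcsa",
    "2013-01-14T09:13:44Z ws-17 jdoe read C:\\Users\\jdoe\\Pictures\\holiday.jpg",
    "2013-01-14T09:15:10Z ws-22 asmith upload /home/asmith/keys/server.key",
    "2013-01-14T09:15:12Z ws-22 asmith read /home/asmith/notes/README",
    "this line does not match the expected format",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for h in found:
        print(f"[{h['level']:>6}] {h['ts']} {h['host']} {h['user']} {h['action']} {h['path']}")
    print(summarize(found))
```

Running the block flags the xls, acidcsa and key events (the acidcsa one as high priority), ignores the jpg read and the extension-less README, and silently drops the malformed line. In practice the watched actions and the log regex would be adapted to whatever EDR or file-audit source the organization already collects.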
Multi-functional attack platforms created by the attackers were developed to quickly adapt to different system types and start harvesting information. The platforms are unique; nothing of their type has been identified in previous cyber espionage campaigns.