http://www.informationweek.com/security/attacks/operation-red-october-attackers-wielded/240146621 By Mathew J. Schwartz InformationWeek January 18, 2013 The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012. "The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America," according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices. The Red October attacks began in 2007, and remained active at least through Sunday, which was the day before Kaspersky Lab first publicly detailed its research into the espionage operation. In a more detailed technical analysis published Thursday that stretches 140 pages, Kaspersky Lab provided additional information about the operators' attack techniques, including the malware family used in the attacks, which it's dubbed Sputnik, and which was used to infect just hundreds of systems. "According to our knowledge, never before in the history of [information security] has [a] cyber-espionage operation been analyzed in such deep detail, with a focus on the modules used for attack and data exfiltration," said Kaspersky Lab. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Mon Jan 21 2013 - 22:20:09 PST
This archive was generated by hypermail 2.2.0 : Mon Jan 21 2013 - 22:19:05 PST