‘Red October’ malware spies on governments
A Kaspersky Labs report on its investigation of attacks against diplomatic targets, published a few hours ago, has revealed a complex, still-active malware kit that appears to have been in use for the past five years to spy on diplomatic missions and government agencies around the world. Red October, also known as Rocra, is malware that steals user and network credentials, files, Outlook email storage files, messages from POP/IMAP mail servers and data from FTP file servers. It also contains modules designed to steal data from Windows Mobile, iPhone and Nokia devices. While I was reading the report, it was clear that the Russian company used timestamps in the malware to trace Red October's use back to 2007. The report states that Red October was discovered in October last year and rivals the dreaded Flame malware in complexity and capability. Kaspersky engineers firmly believe the malware targets countries in Eastern Europe, the former USSR and Central Asia, although Western European and North American countries have also been targeted.
At this time there is no evidence linking Red October to any particular country, but Kaspersky Labs notes that the exploits in Red October targeting Microsoft Word and Excel appear to have been created by Chinese hackers, while the malware modules appear to have been written by Russian-speaking coders. Red October has been active in attacking trade, research, nuclear power and energy institutions, oil and gas companies, aerospace enterprises and the military. According to the report, the attackers used over 60 domain names to control the malware and collect the data it steals, with the corresponding Internet Protocol addresses geo-located mostly in Russia and Germany. By monitoring some of the attackers' domains, Kaspersky was able to record around 55,000 connections from 250 different IP addresses. Red October also infected smartphones, collected login information to try against other systems, and has a module that hid inside Adobe Reader and Microsoft Office programmes, allowing the attackers to regain access if the virus was discovered and removed. In addition to diplomatic and governmental agencies, it also targeted research institutions, energy and nuclear groups, and trade and aerospace targets.