Information Security News mailing list archives

Operation Red October Attackers Wielded Spear Phishing


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 Jan 2013 00:20:09 -0600 (CST)

http://www.informationweek.com/security/attacks/operation-red-october-attackers-wielded/240146621

By Mathew J. Schwartz
InformationWeek
January 18, 2013

The Red October malware network is one of the most advanced online espionage operations that's ever been discovered. That's the conclusion of Moscow-based security firm Kaspersky Lab, which first discovered Operation Red October--"Rocra" for short--in October 2012.

"The primary focus of this campaign targets countries in Eastern Europe, former USSR republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America," according to research published by the security firm. The attackers, who appear to speak Russian but to have also used some Chinese-made software, seem to have focused their efforts on stealing diplomatic and government information, as well as scientific research, from not just PCs and servers but also mobile devices.

The Red October attacks began in 2007, and remained active at least through Sunday, which was the day before Kaspersky Lab first publicly detailed its research into the espionage operation.

In a more detailed technical analysis published Thursday that stretches 140 pages, Kaspersky Lab provided additional information about the operators' attack techniques, including the malware family used in the attacks, which it's dubbed Sputnik, and which was used to infect just hundreds of systems. "According to our knowledge, never before in the history of [information security] has [a] cyber-espionage operation been analyzed in such deep detail, with a focus on the modules used for attack and data exfiltration," said Kaspersky Lab.

[...]

