Print

Canada spared by Red October cyber spy ring?
A virulent cyber espionage network has attacked nations both large and small across the globe but apparently left Canada untouched, according to a report from Kaspersky Labs
By: nestor e. arellano
Computing Canada (15 Jan 2013)

A high-level cyber espionage campaign has successfully broken into computers and networks of government, diplomatic and scientific research organizations around the world for the last five years, according to a report from security software firm Kasperksy Labs.

The campaign, called Rocra (short for Red October) by Kaspersky, is still actively gathering data and intelligence information from mobile devices, computer systems and network equipment of specific targets in Eastern Europe, Central Asia, Western Europe and the United States but seems to have missed Canada.

Top 10 in Kaspersky’s list of most infected nations (those with more than 5 victims) are:

Russian Federation – 35 infections
Kazakhstan – 21
Azerbaijan – 15
India – 14
Afghanistan – 10
Armenia – 10
Iran – 7
Turkmenistan – 7
Ukraine – 6
United States - 6

Information harvested from infected networks is currently being reused for later attacks, said the security company. For example, stolen credentials were compiled in a list and used when attackers needed to guess passwords and network credentials in other locations.

RELATED CONTENT

Cyber espionage is expanding
Canada’s cyber security falling short
To control the network of infected machines, Kaspersky said, the attackers created 60 domain names and several server locations in different countries.

“The C&C infrastructure is actually a chain of servers working as proxies and hiding the location of the true-mothership-command and control server,” the report said.

The multi-functional framework used by the attackers also allow them to steal data from mobile phones, dump enterprise network equipment configuration, hijack files from removable disk drives, steal e-mail databases from Local Outlook storage or remote POP/MAP servers and get files from local network FTP servers.

For more information on Red October go to the Kaspersky Labs Securelist blogsite


Copyright © 2013
ITworldcanada.com