Canada spared by Red October cyber spy ring?

11 years ago

A high-level cyber espionage campaign has successfully broken into computers and networks of government, diplomatic and scientific research organizations around the world for the last five years, according to a report from security software firm Kasperksy Labs.

The campaign, called Rocra (short for Red October) by Kaspersky, is still actively gathering data and intelligence information from mobile devices, computer systems and network equipment of specific targets in Eastern Europe, Central Asia, Western Europe and the United States but seems to have missed Canada.

Top 10 in Kaspersky’s list of most infected nations (those with more than 5 victims) are:

Russian Federation – 35 infections
Kazakhstan – 21
Azerbaijan – 15
India – 14
Afghanistan – 10
Armenia – 10
Iran – 7
Turkmenistan – 7
Ukraine – 6
United States – 6

Information harvested from infected networks is currently being reused for later attacks, said the security company. For example, stolen credentials were compiled in a list and used when attackers needed to guess passwords and network credentials in other locations.

RELATED CONTENT

Cyber espionage is expanding
Canada’s cyber security falling short

To control the network of infected machines, Kaspersky said, the attackers created 60 domain names and several server locations in different countries.

“The C&C infrastructure is actually a chain of servers working as proxies and hiding the location of the true-mothership-command and control server,” the report said.

The multi-functional framework used by the attackers also allow them to steal data from mobile phones, dump enterprise network equipment configuration, hijack files from removable disk drives, steal e-mail databases from Local Outlook storage or remote POP/MAP servers and get files from local network FTP servers.

For more information on Red October go to the Kaspersky Labs Securelist blogsite