
Hacking - Russia Breaks Red October Code

SOUNDBITE: Vitaly Kamlyuk, chief malware expert, Kaspersky Lab (speaking English): "We have published first part of big report related to the new discovery of large cyber-espionage network which is known as Red October, this is a codename for the cyber espionage campaign. Basically Red October is a large platform of malicious applications which main target is to collect intelligence from various types of organizations including embassies, research institutes and other governmental type of organizations as well as oil and gas industry companies and aerospace research companies. This particular type of threat is interesting because this is implementing by professionals in the area of information security. This actually is proved by the number of unique malicious files that we have detected and currently we count more than 1,000 of unique executables that were developed by these people which actually fit into categories of 34 different unique module types that were designed to do various type of information collection and exfiltration."

00:00 - 01:36

Story

A sophisticated cyber-espionage network targeting the world's diplomatic, government and research agencies has been uncovered by the Kaspersky Lab, a Russian multi-national computer security company. It says the malware's complexity could rival that of the notorious Flame virus.

"We have published first part of big report related to the new discovery of large cyber-espionage network which is known as Red October, this is a codename for the cyber espionage campaign. Basically Red October is a large platform of malicious applications which main target is to collect intelligence from various types of organizations including embassies, research institutes and other governmental type of organizations as well as oil and gas industry companies and aerospace research companies", chief malware expert at Kaspersky Lab Vitaly Kamlyuk told RT.
The system's targets include a wide range of countries, with the primary focus on Eastern Europe, former Soviet republics and Central Asia -- although many in Western Europe and North America are also on the list.

In addition to attacking traditional computer workstations, Red October can steal data from smartphones, dump network equipment configurations, snatch files from removable disk drives -- including those that had been erased -- and scan through email databases and local network FTP servers. The information extracted from infected networks is often used to gain entry into additional systems. For example, stolen credentials were shown to be compiled in a list for use when attackers needed to guess passwords or phrases.

Cyber-espionage experts have uncovered over 1,000 modules belonging to 30 different module categories. While Rocra (Red October) seems to have been designed to execute one-time tasks sent by the hackers' servers, a number of modules were constantly present in the system executing persistent tasks.

"This particular type of threat is interesting because this is implementing by professionals in the area of information security. This actually is proved by the number of unique malicious files that we have detected and currently we count more than 1,000 of unique executables that were developed by these people which actually fit into categories of 34 different unique module types that were designed to do various type of information collection and exfiltration", Kamlyuk explains.

The hackers' primary objective is to gather information and documents that compromise governments, corporations or other organizations and agencies. In addition to focusing on diplomatic and governmental agencies around the world, the hackers have also attacked energy and nuclear groups and trade and aerospace targets. No details have been given so far as to who the attackers could be.
However, there is strong technical evidence to indicate that the attackers have Russophone origins, as Russian words including slang have been used in the source code commentaries. Many of the known attacks have taken place in Russian-speaking countries. The first instances of Red October malware were discovered in October 2012, but it has been infecting computers since at least 2007, according to Kaspersky. The Kaspersky Lab worked with a number of international organizations while conducting the investigation including the US, Romanian and Belarusian Computer Emergency Readiness Teams.


