Kind of scary if you think about it, the amount of stuff out there that nobody knows exists.

Source: http://gizmodo.com/5...-in-the-shadows

Image courtesy of: http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies

Meet Red October: The Global Cyber-Espionage Ring That Spent 5 Years in the Shadows

There are plenty of cyberweapons floating around out there, like Stuxnet, Flame, and that whole gang. Now, Kaspersky has turned up a cyber-espionage operation it's dubbed "Red October," and it's up there in the big leagues. But unlike its cohorts, it doesn't look state-sponsored. This is a freelance job, and it's professional grade.

While Red October has only recently been discovered, it's been working behind the scenes for a long time. According to its domain names and various details dug up from the executable code, it's been doing its thing since 2007, if not earlier. And what is its thing? Harvesting loads of classified information from high-profile targets across the globe, including the United States, but mostly in Eastern Europe and Central Asia. And it's got quite the stash.

Red October has been infecting targets through vulnerabilities in MS Word and MS Excel. Once there's a foothold, the infected devices call back to command servers for customized packages of malware signed with victim-specific 20-digit codes. From there, it collects data straight from government institutions, embassies, research firms, military installations, and energy providers, nuclear and otherwise. Over the past half-decade, Red October has been able to dive deeper and deeper into classified intel by using its ever-growing store of pilfered credentials, logins, and other handy tidbits to intelligently guess its way through security.

Part of the reason it's especially dangerous is that it's not confined to infecting, stealing from, and keylogging workstations. The malware also has the capability to get into mobile phones (iOS, Windows Mobile, and Nokia) connected to infected machines and snag a copy of their contacts, calls, messages, and browsing history. It can also scrub enterprise network equipment and removable disk drives, copy entire email databases from Outlook storage and POP/IMAP servers, and it can even take deleted files off USB sticks using its own recovery mechanism. Red October doesn't mess around.

What it can get is one question, but who it's run by is a very different one. According to Kaspersky the exploits are probably Chinese in origin, and Russian slang in some of the code implies the operators speak Russian. Or they're running an in-depth long-con to make people think they do. Most of the command & control servers and domains that can be found are located in and around Germany and Russia, but an intense chain of proxies is still effectively masking the operation's real home base. And while it rivals state-sponsored projects in size and complexity, it's never been known to tangle with or team up with them in any way. Red October is a solitary hoarder, sitting in some cyber-shack alone, surrounded by heaps of top secret info.

Likewise, it's still up for grabs what all this espionage is for. There's no evidence to suggest this is a state-sponsored affair, and it seems to be just trucking along, collecting as much classified information as possible just to have it around. Infections are most prominent in Russia (35 infections) but Afghanistan (10), Iran (7), the United States (6), and even Switzerland (5) are on the map as well. But there's no telling what's been done with any info. It could be being sold, acted on in some covert way, or just stockpiled for the right moment for...something.

It's hard not to imagine a man sitting behind a large desk, his face obscured by shadow, tapping his fingers and chuckling to himself sinisterly, watching his own private store of the world's confidential information grow before his very eyes as he ponders what to do with it all. And that might not be too far off from the truth. This isn't just a game for nation-states to play; it looks like there's a free agent in the mix, and he/she/they/it is every bit as competent as the big names.
