The investigation led by Kaspersky Lab

Intelligence has existed as long as states themselves have, and nations have always protected their own interests.

Armies do it overtly, while intelligence does it covertly. For centuries, though always developing, the techniques and tactics of espionage changed relatively little. In the last decade, however, we have witnessed a titanic shift in the espionage methods put to use. More and more countries are creating special cyber-intelligence units that develop espionage malware, and from time to time the tip of the iceberg becomes visible. For example, this January Kaspersky Lab uncovered the biggest, most elaborate cyber-espionage campaign ever detected – Red October. It was active for at least five years, presumably had access to classified information all that time, and had been stealing data from personal mobile devices and network equipment too. This campaign was still in full swing when we published our research, with the stolen data still being sent to a number of command-and-control servers.

Red October was an extremely complicated and quirky cyber-espionage campaign targeting diplomatic, scientific, trade and governmental organizations, and oil and gas companies in dozens of countries – mostly in Eastern Europe and the former Soviet states, but also in Western Europe, Central Asia and North America.

Kaspersky Lab’s experts began their threat research into this campaign in October 2012 at the request of one of our partners. At the first stage we had information about just a few computers infected with a new malicious program. However, by analyzing the attack and malware modules, we soon understood the colossal scale of this cyber-espionage network, which we named “Red October”.

Kaspersky Lab researchers continue to investigate and reverse all the variants of the malware, and have been coming to some interesting conclusions.

The attackers used a unique approach in the development of the malware and the way it attacked. They created a multifunctional platform designed for rapid and straightforward adjustment to the different system configurations of each infected user. This platform was unique to Rocra (the short name Kaspersky Lab uses for the Red October malware), and had nothing in common with previous cyber-espionage campaigns identified by Kaspersky Lab.

Before initiating an attack, the attackers collected as much information as possible on the victim organization. After that, an assault was carefully prepared and tailored to the specific characteristics of the victims. For instance, the initial infected documents sent as e-mail attachments were customized to make them especially appealing to the victim, and every single module was specifically compiled with a unique victim ID inside. Later on, there was plenty of interaction between the attacker and the victim, with the operation being driven by the kind of configuration the victim had, which type of documents they used, installed software, native language and so on. Compared to Flame and Gauss, which were highly automated cyber espionage campaigns, Rocra was far more tailor-made for the victims.

The main malware body acted as a point of entry into the system, which could later download modules used for lateral movement. After the initial infection, the malware didn’t propagate by itself – typically the attackers gathered information about the network for some days, identified key systems and then deployed modules that could compromise other computers in the network.

In general, the Rocra framework was designed for executing “tasks” provided by its C&C servers. Most of these tasks were received from the server, executed in memory, reported back to the server, and then immediately discarded. Several tasks however needed to be constantly present in the system, like waiting for a cell phone to connect.

The investigation led by Kaspersky Lab uncovered over 1000 modules belonging to 34 different module categories. The most recent module was compiled on January 8, 2013; however, one of the C&C server domains was registered back in 2007 – revealing how long this campaign has been in operation. The main goal of the attack was to steal classified information and secretly send it to the remote server.

The attackers were focused on stealing documents, and the information stolen was of the highest classification level and included geopolitical data of embassies and other governmental organizations. For example, we identified that the malware targeted files with the extension “*acid”, which appears to refer to the classified software “Acid Cryptofiler”, used by several entities, from the European Union to NATO.

Such a complicated campaign required significant resources – in terms of personnel, know-how and time. Kaspersky Lab estimates that a team of approximately 20 people worked on the Rocra campaign on a daily basis for five years.

As is typical with malware, it’s impossible to tell for sure who the attacker was. However, based on numerous hints left in the code of the malware, there is strong technical evidence to indicate that the attackers had Russian-speaking origins.
Kaspersky Lab, in collaboration with international organizations, law enforcement agencies and Computer Emergency Response Teams (CERTs) is continuing its investigation of Rocra, providing technical expertise and resources for the investigation.

Detection of such a complicated espionage network is yet further evidence that the Internet is now a battlefield. Rocra was one of the largest and most significant espionage campaigns we have ever revealed. It lasted for at least five years, required fine-tuning of the malware for every user, and required a stable and solid budget. Espionage has always existed, but now it has shifted to the cyber world. That means that any company or organization, regardless of origin or field, should keep cyber security in mind. We are all in potential danger – we’re living in the decade of cyber-espionage, and must never forget it.