By Chenda Ngak / CBS News / January 14, 2013, 6:33 PM

Kaspersky Labs finds "Red October" cyber-espionage malware

A map showing the targets of an advanced cyber-espionage network. / Kaspersky Labs

Kaspersky Labs, an online security firm, announced Monday that for at least five years, a cyber-espionage campaign has breached computer networks at diplomatic, government and scientific research organizations.

The campaign, called "Red October," or "Rocra" for short, uses malicious software that actively sends data to "multiple command-and-control servers." Command-and-control servers are data centers from which attackers remotely manage computers that run malware. Kaspersky's report says "Red October's" configuration rivals that of the Flame malware, which made headlines last year when it was discovered to have infected computers in Iran.

"It's a professional, multi-year cyber-espionage campaign," Kurt Baumgartner, senior security researcher at Kaspersky Labs, tells CBSNews.com.

The "Red October" malware has some peculiar characteristics. One of the most interesting findings, Baumgartner tells CBSNews.com, is that the targets tend to be geopolitical: government agencies, embassies, nuclear research centers and the military.

Another of the malware's unique functions lets it "resurrect" infected machines by embedding a plug-in inside software like Adobe Reader or Microsoft Office. Even if the malware is removed or a patch is installed, hackers can still access the computer because of this workaround.

The malware isn't limited to traditional computers. Mobile devices like Windows Phones, iPhones and Nokia phones are also at risk.

Kaspersky observed 60 domains and was able to record and log six so-called "sinkhole" domains. Baumgartner says Kaspersky observed tens of thousands of malicious communications coming from hundreds of domains. It can be speculated that the number would be in the thousands if all of the domains were logged.

Currently, there are no clues as to who is responsible for the operation, and there is no evidence that suggests the activities are state sponsored. However, Kaspersky notes two main factors:

  • The exploits appear to have been created by Chinese hackers.
  • The malware modules have been created by Russian-speaking operatives.

"We're not saying they are Russian hackers, but the developers are of Russian-speaking origin," Baumgartner says.

Kaspersky Labs finds that the attackers have been at work since at least 2007, mostly targeting Eastern Europe, though there are also reports of attacks in North America and in Western European countries like Switzerland and Luxembourg.

Research suggests that the hackers are interested specifically in data from European Union government entities, based on the type of encryption software packets that were targeted. That encryption type tends to be used mainly by the E.U.

"It was as if they were looking for that specific information," Baumgartner tells CBSNews.com.

Kaspersky Lab's report on the "Red October" campaign can be found on Securelist.com.

© 2013 CBS Interactive Inc. All Rights Reserved.
5 Comments
malo59 says:
This group is composed of amateurs, but according to Kaspersky the hack is Chinese or Russian.
I found on the website the latest information on this topic:
http://www.techweekeurope.co.uk/news/red-october-cyber-espionage-falls-apart-104336
CarsonCitySteve says:
The President should issue an executive order banning this sort of thing.
skeezix06 says:
Anonymous? I doubt it. More likely to be actual thieves intent on making money through theft. I've never heard making money to be part of Anonymous' goal.
eddom9492 says:
If you don't know what's happening to your computer resources, that makes you vulnerable.
ToolMangler1 says:
It would not surprise me to learn that 'Anonymous' was a part of this also.
Ego is a destroyer, it drives one beyond all inherent abilities, then sets them up for destruction.