Average Rating: Rate this article:

Kaspersky Labs Discovers 'Red October' Malware Spy Ring By Barry Levine January 14, 2013 1:55PM     The leading number of Red October infections discovered -- 35 -- is in the Russian Federation, suggesting Red October is not run by the Russian government. In fact, Kaspersky Labs said although Red October is gathering "classified information and geopolitical intelligence," there is "no evidence linking this with a nation-state sponsored attack."   Related Topics Cyber Espionage Malware Enterprise Security Kaspersky Flame Latest News Reality TV's New Stars: Small Biz Soundbars Up the Ante on TV Sound Google Glass Raises Privacy Concerns Pentagon Gives iOS 6 Security OK Should Enterprises Skip Windows 8? It sounds like a remake of the Tom Clancy novel by the same name, but "Red October" is the name of an advanced cyber espionage network that is targeting governments and other organizations around the world. The network was discovered by the security firm Kaspersky Labs, which announced its findings Monday. The firm said its researchers have spent several months analyzing malware from the organization, which, since at least 2007, targets organizations primarily in central Asia and in Eastern European countries that were formerly in the Soviet Union, as well as ones in Western Europe and North America. Hiding the 'True Mothership' Kaspersky said the attackers have conducted these operations for at least five years, and stolen data , such as security credentials, are reused in later attacks. More than five dozen domain names have been created to control the network of infected machines, utilizing hosting locations in Germany, Russia and other countries. Targets have included embassies and other diplomatic and governmental locations, research institutions, trade and commerce organizations, nuclear and energy research, oil and gas companies, aerospace and military. Hundreds of infections have been located worldwide. The firm said that the actual command-and-control infrastructure is a chain of proxy servers that hide the location of the "true mothership command and control server ." The network is designed to allow an attacker to recover access to infected machines through other communication channels, if need be. A "resurrection" function enables a malware module to be reinstalled, even if it's been removed. Red October, which is also called Rocra for short, is designed to steal data from mobile devices, enterprise network equipment, already-deleted files recovered from removable disk drives, e-mail databases from Outlook or POP/IMAP servers, or local FTP servers, in addition to workstations. 'Russian-Speaking Origins' The observed attacks exploited vulnerabilities in Excel or Word, and, against Tibetan activists and Asia-based military and energy targets, used spear-phishing attacks. Spear phishing is fraudulent e-mail that appears to originate from someone within an organization, and attempts to trick the recipient into revealing confidential data or clicking on a link. Because of registration data in the command-and-control servers and clues left in executables, Kaspersky, whose world headquarters are in Moscow, said it "strongly" believes the attackers "have Russian-speaking origins." The network was dubbed Red October by Kaspersky because of the use of the Russian language in the code. Interestingly, the leading number of infections discovered -- 35 -- is in the Russian Federation, suggesting that this operation is not run by the Russian government. In fact, Kaspersky said that there is "no evidence linking this with a nation-state sponsored attack." The main purpose of the attacks appears to be gathering "classified information and geopolitical intelligence," although the use is unknown. While the malware has been developed by Russian-speaking programmers, the exploits themselves appear to have been handled by Chinese hackers. The company said it first investigated the Rocra attacks in October of last year at the request of an unnamed "partner," who chooses to remain anonymous. Kaspersky regularly unveils its investigations into major malware attacks, including the Flame virus that apparently attacked computers in Iran. There is no apparent connection between Flame and Red October, the security firm said.   Tell Us What You Think Comment: Name: Also Visit: iPad Info Center Billions of Bytes Mobile Device Now Apple Info Center TopTechWire.com Panasonic Toughbook® mobile computers are engineered to withstand drops, spills, dust and grime, and to perform in the harshest environments. Rugged reliability, low cost of ownership and accolades from reviewers are just a few of the reasons why Toughbook computers keep winning over the world's toughest users. Click here to learn more.  Network Security 1.   Financial Times Latest Hacking Target 2.   Patch Tuesday Hyper Focuses on IE 8 3.   Investors Funding Cyberwarfare 4.   Bloomberg Admits Terminal Snooping 5.   $45 Million ATM Theft Sophisticated Financial Times Latest Hacking Target Syrian Electronic Army attacks site. Average Rating: Investors Funding Cyberwarfare As demand for tech security grows. Average Rating: Hacking Strains U.S.-China Relations As U.S. infrastructure is put at risk. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business BYOD & MDM   Build a business case for a BYOD program. CRM Systems   Free Download: Understanding the Voice of the Customer   Unlock the potential in your people with Microsoft Dynamics   How Microsoft Dynamics helped mobilize retail businesses   2 million CRM success stories and counting...   Experience CRM and Business Success today with Salesforce.com.   Free Download: Understanding the Voice of the Customer   Optimize CRM with Data Quality Management. More from Trillium Cloud & Virtualization   Riverbed Stingray Traffic Manager on Amazon Web Services Contact Centers   Unlock the potential in your people with Microsoft Dynamics Customer Data   Free Download: Understanding the Voice of the Customer   See how you can benefit from Microsoft Dynamics   Free Download: Understanding the Voice of the Customer Customer Service   Improve your customer relationships with Microsoft Dynamics   2 million CRM success stories and counting...   Unlock the potential in your people with Microsoft Dynamics Data Security   Simpana® 10 software: an exponential leap forward Enterprise Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   Rugged and reliable Panasonic Toughbook® mobile computers.   The best document scanner for you? Try KODAK's scanner selector   APC makes it easy for you to focus on business growth, not downtime. Enterprise I.T.   Brocade's mission: Making networks easier to deploy, manage, and scale.   11 Challenges Solved by Infrastructure for Small IT Environments Enterprise Software   Get critical data off paper and into SharePoint! Watch the video.   Simpana® 10 software: an exponential leap forward Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   Rugged and reliable Panasonic Toughbook® mobile computers.   Rugged and reliable Panasonic Toughbook® mobile computers Innovation   The best document scanner for you? Try KODAK's scanner selector   Brocade's mission: Making networks easier to deploy, manage, and scale. Laptops & Tablets   Rugged and reliable Panasonic Toughbook® mobile computers. Mobile Apps   Build great mobile apps that drive engagement. Mobile Tech   Rugged and reliable Panasonic Toughbook® mobile computers Small Business   The best document scanner for you? Try KODAK's scanner selector Tech Trends   APC makes it easy for you to focus on business growth, not downtime.

Network Security Spotlight

Syrian Electronic Army Hacks Financial Times The Financial Times is the latest victim of the Syrian Electronic Army, a group that supports Syrian President Bashar al-Assad. The U.K.-based newspaper said a blog and its Twitter accounts were hacked.   Patch Tuesday Hyper Focuses on IE 8 Microsoft on Tuesday issued 10 security bulletins that fix 33 vulnerabilities. These updates include MS13-038, which will address the Internet Explorer 8 issue described in Security Advisory 2847140.   Surge of Venture Capital Buoys Tech Security Sector With companies and governments spending billions to repel cyberthreats, a surge of venture capital is pouring into companies developing cybersecurity technologies, the front line of the conflict.

Enterprise Hardware Spotlight

U.S. Defense Department Gives iOS 6 Security OK In a vote of confidence for Apple's iOS devices, the Defense Department has given the all-clear for employees to use iPads and iPhones for work. But only those running iOS 6, and only if issued by the government.   Cisco Surges After Profit Exceeds Analysts' Estimates Networking equipment giant Cisco's net income jumped 14 percent in the latest quarter as revenue at all four of its divisions rose for the first time in a year and a half, as tech spending increases.   HP and SAP Team To Advance HANA Database Technology The two tech leaders are working on a system that SAP says could fundamentally change the database market. HANA is SAP's technology that keeps data in-memory, for super fast processing.

Mobile Enterprise Spotlight

Google Glass Raises Congressional Privacy Concerns The buzz around Google Glass continues, but it's not all good. Some in Congress have questions. "We are curious whether this new technology could infringe on the privacy of average Americans," their letter to Google says.   Windows Phone Now No. 3 in Market, BlackBerry No. 4 Has Microsoft Phone moved into a coveted though distant third place for smartphone platforms behind Google's Android and Apple's iOS? A new report says yes, while BlackBerry has slipped to No. 4.   Intel Going Mobile with Its New CEO In his first speech as Intel's CEO, Brian Krzanich said he plans to focus on beefing up Intel's presence in mobility. The next step: a world tour showing mobile devices based on Intel chips, from PCs to phones and tablets.

Enterprise Technology Spotlight

HP and SAP Team To Advance HANA Database Technology The two tech leaders are working on a system that SAP says could fundamentally change the database market. HANA is SAP's technology that keeps data in-memory, for super fast processing.   Cloud Computing Gains Another Competitor with Google Amazon Web Services and Microsoft Azure now have a full-on rival in Google, with its I/O announcement that it is opening its hosted Compute Engine environment for virtual machines to all comers.   Hackers' New Tool of Choice: Smartphones Smartphones are increasingly popular not only with consumers, but with thieves who see the devices as another way to tap into bank accounts and other sensitive information, experts say.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Cloud & Virtualization | Applications | Unified Communications | Mobile Tech | Hardware | Business Intelligence World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2013 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.