Rocra or Red October malware stealing classified data since 2007

When ordinary consumers are becoming victims of data theft every day, it is no surprise that the same is happening within the government sector too. According to a report in the WSJ, Moscow-based anti-virus maker Kaspersky Lab has discovered a series of cyberattacks targeting diplomatic, governmental and scientific-research organizations in former Soviet-bloc countries, India, the US, Iran and Belgium. What is surprising is that this has been going on for at least the last five years.

The operation, conducted by as yet unidentified individuals, organisations or governments, was gathering classified data and intelligence documents using a malware called “Red October” or “Rocra.”

“There are about 300 computers infected that we know about,” Vitaly Kamluk, chief malware expert for Kaspersky, told the WSJ. Targets include embassies, government research centers and aerospace facilities.

Here is a country-wise distribution of Red October-affected computers:

[Figure: country-wise distribution of affected computers]

According to Kaspersky, the malware was controlled through some 60 servers based in Germany and Russia, which were in turn controlled by a main server at an unknown location.

The WSJ explains how Red October worked:

[Figure: Red October attack chain]

The malware was attached to Microsoft Word or Excel documents and sent to a targeted user via email. When the document was opened, the malware infected the host computer. It then opened a communication channel to a command-and-control server, which sent down the additional modules needed to further compromise the machine.

Different modules targeted different things, such as USB drives or particular kinds of data; others were used to exfiltrate the stolen data. There were modules designed to infect smartphones, and others that targeted enterprise network equipment or removable disk drives, including some designed to recover deleted files.

We were unable to authenticate the details of these claims from Kaspersky, but given the credibility of this anti-virus maker, they are assumed to be authentic.

More details on Red October can be read on Kaspersky's website.
