Rocra malware spies on governments

Powered by SC Magazine
 

Kaspersky details its hunt for "Red October".

Kaspersky Labs has released a report into its discovery of a complex, active malware kit that appears to have beem used over the past five years to spy on diplomatic missions and government agencies around the world.

Named Rocra - which is short for Red October - the malware steals user and network credentials, files, Outlook email storage files as well as messages from POP/IMAP mail servers and data from FTP file servers. The malware also contains modules designed to steal data from Windows Mobile, iPhone and Nokia devices.

Kaspersky used time-stamps on the malware executables to trace its use back to 2007. The researchers said Red October was discovered in October last year and rivals the Flame malware in complexity and ability.

Kaspersky engineers believe the malware targets Eastern European, former USSR countries and Central Asian nations. Western European and and North American countries have also been in the firing line.

At this time, there is no evidence linking Red October to any particular country, but Kaspersky Labs notes the exploits in Red October that target Microsoft Word and Excel seem to have been created by Chinese Hackers and malware modules by Russian-speaking coders.

Red October has been active in attacking trade, research, nuclear power and energy institutions, oil and gas companies as well as aerospace enterprises and the military.

Over sixty domain names were used by the attackers  to control the malware and to collect the data it steals, with Internet Protocol addresses geolocated mostly in Russia and Germany, the report noted. By monitoring some of the attackers' domains, Kaspersky was able to record around 55,000 connections from 250 different IP addresses.

Copyright © iTnews.com.au . All rights reserved.


Rocra malware spies on governments
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1128

Vote