NATO Computers Infiltrated by "Red October" Malware
January 15, 2013 4:29 PM
A rogue malware program is targeting government data stored on European and U.S. networks.
(Source: Rex Features)
Cyberespionage code has been stealing secrets for at least five years
Russia's Kaspersky Lab, a top international security firm, has uncovered a stunningly sophisticated piece of malware that's been infiltrating defense machines with North Atlantic Treaty Organization (NATO) and other Western military groups over the last half decade.
I. Red October Runs Wild, Evades Deletion
, "During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations, gathering data and intelligence from mobile devices, computer systems and network equipment."
Much attention has been devoted of late to cyber-espionage efforts allegedly perpetrated by the U.S. and Israel. The
campaigns against Iran
captivated readers and infuriated supporters of the Islamist republic of Iran.
But with this new malware, which researchers have dubbed "Red October", the tables are turned U.S. and its allies are the targets.
To give one example of the sophistication of the multi-module attack package, if the user detects Red October and deletes it, a secondary hidden package can detect the deletion and carry out a protocol to reinstall the malware. The so-called "Resurrection Module" masquerades as plug-ins to Adobe Systems Inc.'s (
) PDF Reader or Microsoft Corp.'s (
) Office suite and is inactive until the malware is deleted.
Red October can resurrect itself via a malicious Office plug-in.
The malware has pieces that spread onto USB drives, allowing remote command servers to access deleted files. The malware can spread to a variety of mobile devices including Apple, Inc.'s (
) iPhone, Nokia Oyj.'s (
) Symbian OS, and Microsoft's Windows Phone/Windows Mobile (Android was not mentioned). The malware can even infect routers and switches, stealing their configuration information.
The packages aboard the core malware are designed to defeat a broad range of cryptography, including specialized government protocols such as the
, a series of packages commonly used by European Union governments.
II. Who's Piloting Red October?
The malware features a grab bag of features, mostly from Eastern European, Russian, and Chinese sources.
, designed to infect high-profile targets, copy the attack methodology and code of campaigns that China allegedly used
against Tibetan activists
. Other attack modules borrow heavily from malware allegedly traced to freelance hackers in the employ of the Chinese government. And the vulnerability discovery code, which identifies how best to attack the local machine closely matches that
, a piece of malware believed to have been developed by hackers in Ukraine.
But there's also a strong Russian influence in malware (hence the name Kaspersky gave it). The researchers comment:
Based on the registration data of C2 servers and the numerous artifacts left in executables of the malware, there is strong technical evidence to indicate the attackers have Russian-speaking origins.
In other words, there's Russian words nestled in the code. When the malware gains access to the system, it orders words to the command prompt be rendered in Cyrillic fonts. Cyrillic is the alphabet used by the Russian language and various other related languages from the Balkans and Northern Eurasia.
But are those true clues or just red herrings? It's hard to say. It's widely held that China and Iran -- who happen to be close trade partners and allies -- are the two most aggressive and sophisticated cyber-aggressors when it comes to attacking the U.S. and its allies. But often China is believed to rely on third parties -- e.g. hackers in Eastern Europe or Russia -- to do its "dirty work".
Red October is the first known malware to salvage deleted files on USB sticks.
[Image Source: Akihabara]
H.D. Moore, chief security officer of security firm Rapid7 and creator of the popular security testing software Metasploit, said in
that he was "surprised it got as far as it did" given it's proclivity for stealing not just a handful of files, but all sorts of settings and documents from the target machine.
He adds that the recovery software to steal deleted files from USB disks also is a new twist and shows substantial creativity/sophistication. He comments, "We hadn't seen that before in malware. The threat is that USB drives are often shared between people, especially at conferences. Even if you take precautions to delete files and you trust the person you are sharing this with, this malware would be able to automatically recover deleted files and siphon them off without either party being aware."
He argues that Flame is more advanced, but that the sophisticated Red October can still do plenty of "scary things".
U.S. Computer Emergency Readiness Team
(US-CERT), a subagency of the
U.S. Department of Homeland Security
(DHS) tasked with cyberdefense, is currently investigating the newly discovered malware and assessing whether it gained access to any important files during its silent rampage.
"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation
Iran Accuses U.S. and Israel of Spreading Holiday Stuxnet "Cheer"
December 26, 2012, 3:57 PM
Quick Note: China Targets White House in Cyber Attack
October 1, 2012, 8:21 PM
United States Accused of Using Flame to try to Cripple Iran's Economy
June 22, 2012, 1:31 PM
NYT: President Obama Authorized Stuxnet Attack on Iran
June 1, 2012, 1:54 PM
China Cyberspies Strike Indian Military,Tibetan Exiles, and Embassies in U.S.
April 7, 2010, 9:11 AM
Science & Environment
February 20, 2017, 6:37 AM
The USA’s newest weather satellite sends first photos.
January 24, 2017, 6:41 AM
Netflix took a decision to invest in original content
January 19, 2017, 7:00 AM
Amazon Airborne Fulfillment Center – Your Merchandise Drop-Shipped from the Clouds
December 29, 2016, 5:00 AM
Amazon is experimenting with a new kind of grocery stores, Amazon Go
December 8, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Most Popular Articles
Surface Pro 5 Rumors - New Release Date and Price
April 22, 2017, 6:45 AM
Apple Watch NikeLab Limited Edition unveiled.
April 22, 2017, 6:20 AM
SAPPHIRE PULSE Radeon RX 580 8GD5 – Great Value for the Money
April 20, 2017, 7:47 AM
Meet the Smartphone with four cameras - Alcatel Flashphone
April 5, 2017, 11:20 AM
Dell Inspiron 17 7000 – A Premium Laptop featuring 7th Gen Intel Core i7 in a 2-in-1 Frame.
April 19, 2017, 7:45 AM
Latest Blog Posts
Galaxy Note 8 – Available Second Half 2017
Apr 28, 2017, 7:30 AM
Google Android App – Huge improvement on Nighttime Photography
Apr 27, 2017, 7:40 AM
Google Co-Founder, Sergey Brin has an Airship
Apr 26, 2017, 6:43 AM
Samsung Galaxy S8 and S8 Plus – Lots of Glass that Breaks Easily
Apr 25, 2017, 7:20 AM
Samsung Galaxy S8 – Warning for Pet Owners
Apr 24, 2017, 5:59 AM
Sound Bars and the Costs?
Apr 23, 2017, 6:30 AM
Link your Brain to Your Computer – In Four Years…Maybe
Apr 22, 2017, 7:03 AM
Google Home can now identify users by their voice.
Apr 21, 2017, 7:15 AM
Amazon Lex – Now Available for Developers.
Apr 20, 2017, 6:58 AM
You can now use Instagram offline on your Android Smartphone
Apr 19, 2017, 8:00 AM
Now you can livestream to YouTube from your mobile device.
Apr 18, 2017, 8:05 AM
Google Home – Is It a Spy Device?
Apr 17, 2017, 7:30 AM
Apple added to self –driving test permit list
Apr 15, 2017, 6:21 AM
Project Scorpio – Coming on June 11
Apr 14, 2017, 6:20 AM
Looks Like Samsung Has Been Forgiven.
Apr 13, 2017, 6:50 AM
United Airlines - Blasted on China’s Social Network and the Stock Market
Apr 12, 2017, 6:50 AM
Amazon's Third-Party Sellers Hacked
Apr 11, 2017, 6:25 AM
Microsoft Surface Pro5 Details Revealed
Apr 9, 2017, 6:41 AM
Own An Android Phone? Then you could be hacked over Wi-FI
Apr 7, 2017, 6:47 AM
Apple confirms iOS 10.3 bug and its effect on iCloud Services
Apr 6, 2017, 6:30 AM
Apple Rolls Out New Version of Apple Music
Apr 5, 2017, 10:35 AM
Apple in the News
Apr 4, 2017, 9:03 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information