
CeBIT 2013: Red October Had EU And German Crypto Codes – Kaspersky

The Red October cyber-espionage campaign had access to encryption keys which allowed it to read secret European and German documents. Kaspersky, the Russian security firm which first described the malware-based snooping operation in January, presented more details during a press conference at the CeBIT show in Hanover, Germany.

Red October operated for at least five years, attacking embassies and government bodies and stealing information from PCs and smartphones by infecting devices with malware, using flaws such as the recent Adobe weakness. Kaspersky said the outfit must have had Russian origins, or been created by Russian speakers, as the payload contained evidence of a command which translates the character encoding to the Russian Cyrillic alphabet.

Secrets Read By Red October

The campaign may have been more dangerous than was thought at first, because the culprits appear to have had access to the keys for major cryptography systems, used by the European Union, NATO and the German government, said Costin Raiu, head of research at Kaspersky Labs.

The attackers appeared to possess the keys allowing them to decode exchanges using the German Chiasmus government encryption program, as well as the Acid Cryptofiler, used by NATO and the EU, said Raiu.

The campaign was very sophisticated, with bespoke malware aimed at specific targets, showing that the culprits knew exactly what they wanted. The basic malware underlying the attacks was largely re-used from known code of Chinese origin that was made public following attempts to spy on Tibetan activists.

The malware used flaws in Adobe, Microsoft Word and Microsoft Excel to attack its victims.

Despite its sophistication, it appeared to fall apart after it was exposed. The command and control systems of Red October were dismantled hours after it was exposed, Raiu told TechWeekEurope in January.

Red October is part of a series of apparently political cyber espionage campaigns, including the Flame and Gauss operations, which also hit government bodies.

Reporting by Peter Marwan of ZDNet.de


Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud.
