The Hunt for Red October

22 January 2013

Computer viruses – we are all scared that one day they will infect our beloved tech devices. It is hard to believe that they are now strong and sophisticated enough to infiltrate government equipment and steal confidential data from right under their owners' noses. Kaspersky Lab has uncovered a major cyber attack, now titled ‘Red October’ after the submarine in the Tom Clancy novel ‘The Hunt for Red October’, targeting over 1,000 high-level government computers and smartphones. Its main purpose: to steal highly sensitive data. Research has shown that the attack targeted governmental organisations, research institutions, energy and nuclear groups, and aerospace organisations.

The attack affected governmental organisations on a global scale. Geopolitical intelligence, credentials for accessing classified computer systems, and data from personal mobile devices and network equipment are among the categories of data stolen. Research has shown that a total of over 7 terabytes (7,000 GB) of data was taken.

Researchers have also discovered that Red October established 55,000 connection targets across 250 different IP addresses and is still active. Kaspersky Lab has stated that “Former USSR Republics and countries in Central Asia were targeted, although victims can be found everywhere, including Western Europe and North America”.

Although we may picture very sophisticated hacking techniques behind an attack of this scale, it was unexpectedly achieved through very traditional methods. Most of us are exposed to spam or phishing emails regularly, with 60% of office workers exposed on a daily basis. The malware was delivered by email, hidden inside the common file attachments we all use on a regular basis (e.g. Microsoft Word, Excel and PDF documents).

The malware, called Rocra, installs software on the recipient’s device. As a multi-functional virus, it activates multiple “modules”, each with instructions on how to adapt to a different type of digital source and extract confidential data from it, from computer systems to smartphones on the network. All of the information gathered is encrypted and sent back to the attackers’ server.

This seems like standard work for an attack of this kind, so what makes it so unusual? Some highly unusual “modules” were identified. A “resurrection” module was hidden in the original Word or Excel documents, which allowed the attackers repeated access through re-installation whenever the malware was discovered and/or permanently deleted. Chief Malware Researcher Vitaly Kamluk even stated there was a “special module for recovering deleted files from USB sticks”. This actively watches for USB devices plugged into infected machines and attempts to perform data recovery on anything it can find.

The uncovering of “Red October” shows just how easily malware can enter our computers. The simplicity of an email attachment, combined with the complexity of the Trojan behind it, illustrates just how much of a threat some malware can be. It is vitally important to be cautious when dealing with emails and attachments from unknown parties.
