Red October – Cyber-espionage Undetected for 5 Years

On January 17, 2013, Kaspersky Labs released The Red October Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies. The Kaspersky research discloses a massive network of command and control servers which has, over the past five years, infiltrated computers worldwide at governmental, diplomatic and scientific research organizations. Red October gathered information from computer systems, mobile devices and network equipment.

Kaspersky details the technical means used to evade detection for 5 years. The creators of this software used many clever techniques to cover their tracks and regain control of systems that had been partially disinfected.

What is most striking about this attack and its five years of committing worldwide cyber-espionage is the means used to infiltrate systems: spearphishing. Yet again, we see that the infiltration method of choice was the highly targeted email that delivered a malicious attachment. This Kaspersky graphic shows the first stage of the Red October attack.

Source: Kaspersky Labs

Red October is yet another demonstration of the true nature of cyberwarfare — Dr. Frederick Chang, former NSA Director of Research, warns that:

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

In Email – Deceptive By Design, Iconix explains how email favors the attacker in the adversarial engagement because email is a deceptive interface which is easily manipulated by the attacker. Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext. 3 or use our online form.
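The masquerading described above can be made concrete from the defender's side. The following Python script is an added example, not code from the original post and not Iconix's SP Guard; it parses constructed sample headers (all domains invented for illustration) and flags three cheap signs that the sender a reader sees is not the sender the mail actually came from: a display name that itself looks like an address from another domain, a Reply-To that redirects answers to a third domain, and a Return-Path (envelope sender) outside the From domain. These header checks are heuristics that complement, not replace, SPF/DKIM/DMARC authentication results.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the Kaspersky report); every
# domain below is invented purely for illustration.
SUSPICIOUS = """\
From: "ambassador@embassy.example" <news-desk@mailer.example.net>
Reply-To: desk@reply.example.org
Return-Path: <bounce@mailer.example.net>
To: analyst@ministry.example
Subject: Diplomatic car for sale

Please see the attached document.
"""

CLEAN = """\
From: "Embassy Press Office" <press@embassy.example>
Return-Path: <press@embassy.example>
To: analyst@ministry.example
Subject: Press briefing schedule

Schedule attached.
"""

# Matches an email address and captures its domain.
ADDR_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def sender_findings(raw_message):
    """Return human-readable reasons the visible sender may be misleading."""
    msg = message_from_string(raw_message)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. The display name contains an address whose domain is not the real
    #    sending domain: the reader sees the name, the mail comes from elsewhere.
    m = ADDR_RE.search(display)
    if m and m.group(1).lower() != from_domain:
        findings.append(f"display name shows {m.group(0)} but address is {from_addr}")

    # 2. Replies are silently routed to a different domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To {reply_addr} is not in From domain {from_domain}")

    # 3. Envelope sender (Return-Path) does not match the header From domain.
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    if return_addr and domain_of(return_addr) != from_domain:
        findings.append(f"Return-Path {return_addr} is not in From domain {from_domain}")

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, sender_findings(raw) or ["no sender anomalies"])
```

Run against the constructed messages, the suspicious one yields two findings (display-name mismatch and Reply-To redirection) and the clean one yields none. In a mail gateway or SIEM these findings would feed a score alongside authentication results rather than block on their own, since legitimate bulk senders and mailing lists also produce Return-Path mismatches.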
