Russia's Kaspersky Lab Uncovers Five-Year Global Cyber Espionage Campaign

Category: World / Jan 15, 2013 12:28PM EDT
Russia's Kaspersky Lab has discovered a cyber espionage campaign targeting diplomatic, governmental and scientific research organizations around the world. The campaign of attacks, which Kaspersky Lab has dubbed 'Red October', has been ongoing since 2007 and is mainly related to Eastern Europe, former USSR members, and Central Asian countries.

"We actually estimate that there are terabytes of secret or semi-secret data that was stolen from all these embassies and scientific research organizations, and that information can be used for geopolitical purposes at a government level, so it's definitely a serious thing," Kaspersky Lab chief malware expert Vitaly Kamluk told Reuters.

The threat, which Kaspersky Lab's global research and analysis team identified in October of last year, is thought to be large-scale and did not seem to follow the hacking patterns of most cyber criminals.

"This is definitely not a cyber criminal's work, because cyber criminals are mostly interested in collecting information that leads to money, so to find a way that they can get their own profit, financial profit. And here it is definitely cyber espionage, so they, the attackers, are interested only in documents or in the ways of getting documents," Kamluk said, adding that the attackers were believed to be Russian speakers.

Thus far, however, Kaspersky Lab analysts have been unable to determine whether or not the attacks stemmed from a government-sponsored campaign.

"We don't have a tight link with a state-sponsored attack here. It's not very clear for us who actually is running that. But that's definitely a well-organized group, and according to the resources that had to be spent to create such a network, it should have been dozens of software developers and network server operators in order to succeed," Kamluk said.

The system used in the attacks is able to infiltrate and steal data from smartphones, removable disk drives, and enterprise network equipment.

As of the report's release, the attacks were ongoing.