Computer malware targets Europe agencies

Graphic: Operation ‘Red October’: Victims of advanced cyber-espionage network. Click to view a larger version. (Source: Kaspersky Lab).

Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber-espionage campaign targeting European diplomatic and government agencies.

Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that in terms of complexity, the malware rivals the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran.


ZERO DAY: Consideration of software flaws and hackers is often a secondary priority for software developers, who often value sales and novel applications over security, some critics say.
Click Here to View Full Graphic Story

ZERO DAY: Consideration of software flaws and hackers is often a secondary priority for software developers, who often value sales and novel applications over security, some critics say.

Latest from National Security

Justice Department outlines criteria for clemency

Effort to reduce prison population will focus on inmates with long sentences and no gang ties.

U.S. to partially resume military aid to Egypt

The decision to deliver Apache copters comes despite congressional restrictions in the coup’s aftermath.

Lawsuit: FBI using no-fly list to recruit informants

Four men accuse the U.S. of putting them on the list after they refused to spy on Muslim communities.

Full coverage: NSA Secrets

Full coverage: NSA Secrets

Read all of the stories in The Washington Post’s ongoing coverage of the National Security Agency’s surveillance programs.

The malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active in early January.

Among other things, Rocra has been used to steal encrypted files and decryption keys used by the European Union and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.

The malware also can map the internal layout of a computer network and the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts the data it steals. It makes unique identifiers for each target to more easily catalogue the stolen data.

Rocra is not as sophisticated as Flame, which spread through Windows software updates. But Schouwenberg said it appears to be far more elegant than the “rudimentary” malware coming from China, which has been used to siphon vast amounts of proprietary data from companies and governments around the world.

Kaspersky’s researchers began analyzing the malware in October and determined that it was targeting organizations mostly in Eastern Europe, but also in Western Europe, Central Asia and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies, and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the United States.

The lab does not know who is behind the malware — whether it is a national government, for example, or criminals looking to sell the data to a government.

“Over the past six months, we’re starting to notice a pattern where cybercriminals are stealing information from a bigger scope of targets,” Schouwenberg said.

The lab has counted several hundred infections worldwide, with Russia and other Eastern European countries leading the list. But Iran and the United States also have been hit, according to the report.

Researchers said it is likely there are far more targets that they have been unable to detect.

Read what others are saying