Computer malware targets Europe agencies

Graphic: Operation ‘Red October’: Victims of advanced cyber-espionage network. (Source: Kaspersky Lab).

Computer security researchers have uncovered malware that appears to have been used as part of a widespread cyber-espionage campaign targeting European diplomatic and government agencies.

Kaspersky Lab, a global firm based in Moscow, said in a report released Monday that in terms of complexity, the malware rivals the Flame virus, a cyber-spying tool that was created by the United States and Israel for use against Iran.

The malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active in early January.

Among other things, Rocra has been used to steal encrypted files and decryption keys used by the European Union and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.

The malware also can map the internal layout of a computer network and the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts the data it steals. It makes unique identifiers for each target to more easily catalogue the stolen data.

Rocra is not as sophisticated as Flame, which spread through Windows software updates. But Schouwenberg said it appears to be far more elegant than the “rudimentary” malware coming from China, which has been used to siphon vast amounts of proprietary data from companies and governments around the world.

Kaspersky’s researchers began analyzing the malware in October and determined that it was targeting organizations mostly in Eastern Europe, but also in Western Europe, Central Asia and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies, and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the United States.

The lab does not know who is behind the malware — whether it is a national government, for example, or criminals looking to sell the data to a government.

“Over the past six months, we’re starting to notice a pattern where cybercriminals are stealing information from a bigger scope of targets,” Schouwenberg said.

The lab has counted several hundred infections worldwide, with Russia and other Eastern European countries leading the list. But Iran and the United States also have been hit, according to the report.

Researchers said it is likely there are far more targets that they have been unable to detect.
