"Kaspersky Lab" has found a spy network, successfully functioning for more than 5 years. The objectives of cyber attacks have become public, diplomatic, research, space, and other strategically important structures
According to the press service of the company, the actions of cyber criminals were sent to confidential information and data that provide access to computer systems, personal mobile devices and corporate networks as well as gathering information geopolitical nature. The main focus attack made on the former Soviet Union, Eastern Europe, as well as a number of countries in Central Asia.
In October 2012, experts began investigating a series of attacks on the computer networks of international diplomatic missions. While studying these incidents, they identified a large-scale cyber-espionage network. Based on their analysis, the experts concluded that the operation, code-named "Red October", began in 2007 and continues to this day.
According to "Kaspersky Lab", the attackers' main targets were diplomatic and government agencies around the world. However, the victims also include scientific research institutes, companies in the energy sector (including nuclear energy), space agencies and commercial enterprises. The creators of "Red October" developed their own malicious software, which has a unique modular architecture consisting of malicious extensions and modules designed to steal information.
To control the network of infected machines, the attackers used more than 60 domain names and servers located in various countries, many of them in Germany and Russia. Analysis of the control server infrastructure showed that the attackers used a chain of proxy servers to hide the location of the main control server.
The attackers stole information from infected systems in files of various formats. Among others, the experts found files with the acid* extension, which indicates that they belong to the secret software Acid Cryptofiler, used in a number of organizations that are part of the European Union and NATO.
To infect systems, the attackers used phishing emails addressed to specific recipients. Each email carried a special Trojan; to install it, the email contained exploits for vulnerabilities in Microsoft Office. These exploits were created by hackers and had previously been used in various cyberattacks aimed at Tibetan activists as well as the military and energy sectors of a number of Asian countries.
The attackers built a multifunctional attack platform containing dozens of extensions and malicious files, which can quickly adapt to different system configurations and collect confidential data from infected computers.
"Registration Data control servers and the information contained in executable files of malicious software, is good reason to presume that cybercriminals Russian roots," — experts say.