My calendar tells me it is January, but Kaspersky Lab returned us to October, announcing the discovery of Red October malware — a cyber espionage network that rivals the Flame network.
According to the folks at Kaspersky Lab, Red October targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, but it also warned that North America and Western Europe could also be at risk. This isn’t exactly breaking news:
The attackers have been active for at least five years, focusing on diplomatic and governmental agencies of various countries across the world. Information harvested from infected networks is reused in later attacks.
Red October’s targets are the very targets that could lead to cyber warfare: government, military, energy industries, even trade and commerce. The attacks are very fine-tuned to the targets themselves — advanced spearphishing, if you will. Also, InformationWeek added:
In addition, it said attacks are also customized based on the target’s native language, the specific software installed on their system, and the types of documents they prefer to use.
The malware takes over a PC, turning it into a launch pad for more attack code. One thing that seems to be different about Red October than other malware attacks is how it can be connected to mobile devices and can record keystrokes and images.
There are still a lot of questions about Red October: Was it the Chinese who deployed it, as Kaspersky suspects? Was it a government attack or a rogue group flexing some muscles? Kaspersky, which first discovered the malware in October 2012 and began watching it in November, promised more details to come in the near future. I think we need to pay attention. Even though the U.S. isn’t a direct target of the malware, nothing is done in isolation these days. There are no real borders in cyberspace.