Last October, experts at Kaspersky, a Moscow-based cyber-security company, claimed to have discovered a major global malware system that has attacked and compromised the computers of sensitive institutions, including research centers, defense installations, diplomatic consulates, and government agencies, in 39 countries for the past 5 years. Their report on Red October, aka Rocra, hints that the programmers are Russian.
John Bumgarner, research director for the US Cyber Consequences Unit, suspects Russia or China. Jeffrey Carr, author of “Inside Cyber Warfare”, thinks that the virus was the work of the foreign intelligence service of a NATO or EU country spying on Russian embassies.
The program initially targeted embassies around the world, but its origin and the attackers' motives are still unknown. The malware usually infects computers through an email attachment that mimics ordinary business correspondence.
Due to the syntax and choice of words, it has become evident that the Rocra malware modules were created by Russian-speaking operatives. However, there is currently no evidence linking the attacks to a nation-state sponsor.
Not only does the malware target traditional workstations; it can also gather information from mobile devices, steal configuration data from routers and Cisco switches, and recover deleted files from removable disk drives. Like an ever expanding universe, the attackers use the information exfiltrated from infected networks to infiltrate additional systems, and have compiled and used the stolen passwords to gain access to an ever increasing amount of data.
The main purpose of the operation appears to be the gathering of classified information as well as geopolitical influence. According to Sergei Karaganov, honorary chairman of the Moscow-based think tank Council on Foreign and Defense Policy, such cyber-espionage is increasingly common, and Russia and other countries have tried to create international protocols to combat it. He also suggested that “On the other hand, I wouldn’t rule out the possibility of this being an ingenious trick on the part of Kaspersky Lab to boost their trade.”