By Caroline Donnelly, 15 Jan 2013 - itpro
Russian anti-virus vendor Kaspersky Lab has uncovered a cyber-espionage campaign it claims has been targeting diplomatic, governmental and scientific research organisations across Europe for at least five years.
The aim of the attacks, which have been dubbed Red October by Kaspersky’s researchers, is reportedly to obtain personal data from mobile devices and network equipment, as well as geopolitical intelligence and access to classified computer systems.
So far the attacks have been targeted at organisations in Europe, former USSR Republics, Central Asia and North America, Kaspersky Lab claims.
The group also claims to have evidence to suggest the attackers may be Russian-speaking.
“In October 2012, Kaspersky Lab’s team of experts initiated an investigation following a series of attacks against computer networks targeting international diplomatic service agencies,” said the company in a statement.
“A large scale cyber-espionage network was revealed and analysed during the investigation...and is still active as of January 2013, and has been a sustained campaign dating back as far as 2007.”http://bit.ly/Y75men
and from arstechnica
The unknown attackers infected computers operated by the Russian Federation, Iran, the US, and at least 36 other countries. They used highly targeted malware to collect what's believed to be hundreds of terabytes of sensitive data, according to researchers from antivirus provider Kaspersky Lab. The success of the covert operation is largely the result of malware and phishing e-mails that were highly customized for each victim.
Now, Aviv Raff, a researcher with Israel-based Seculert, said he has uncovered a website used to infect some of the victims of Operation Red October (as the campaign has been dubbed). The website exploited a critical Java vulnerability identified as CVE-2011-3544, allowing the attackers to surreptitiously execute malicious code on visitors' computers. Although Oracle developers patched the bug in October, 2011, the malicious Java archive file was compiled the following February.
Raff's discovery provides a window into the inner workings of an espionage campaign that collected passwords, cryptographic keys, and sensitive diplomatic intelligence from some of the world's biggest governments. They include a pseudo-randomly generated unique ID the malicious executable assigned to each newly infected computer.http://ars.to/W6n5Ny