Kaspersky Discovers Operation 'Red October' That Steals Government Information
Kaspersky has just announced that it has discovered Operation 'Red October', an advanced cyber-espionage campaign that uses highly flexible malware to steal data and geopolitical intelligence from diplomatic, governmental and scientific research organizations in several countries. Apparently, this operation has been going on since 2007.
The report indicates that Operation Red October, called 'Rocra' for short, is still active as of January 2013. It uses a targeted spear-phishing email that includes a customized Trojan dropper, which exploits security vulnerabilities in Microsoft Office and Microsoft Excel.
The information is then stolen from the infected systems in the form of documents with the following extensions: txt, csv, eml, doc, vsd, sxw, odt, docx, rtf, pdf, mdb, xls, wab, rst, xps, iau, cif, key, crt, cer, hse, pgp, gpg, xia, xiu, xis, xio, xig, acidcsa, acidsca, aciddsk, acidpvr, acidppr, acidssa.
So far, the operation targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America.