5 years, 69 countries: Massive spy operation uncovered
The online spying operation, believed to be conducted by Russians, ranged across 69 countries and victimized hundreds of governments and research and diplomatic institutions.
For five years, electronic ne’er-do-wells have been conducting an online spying operation that, while focused on targets in Central and Eastern Europe, has ranged across 69 countries and victimized hundreds of governments and research and diplomatic institutions.
Kaspersky Labs, the Muscovite antivirus and Internet security software firm that discovered the campaign, has branded it “Red October” and believes, given language clues they’ve uncovered, that it is likely conducted by Russian speakers.
The campaign, according to Kaspersky, “is currently still active with data being sent to multiple command-and-control servers, through a configuration which rivals in complexity the infrastructure of the Flame malware.”
The focus of the campaign has been on diplomatic and governmental targets, with information from each successful attack being used in future operations; credentials and passwords seized in one attack, for instance, were used in subsequent missions to gain access to further information.
To control the increasing network of infected machines, “the attackers created more than 60 domain names and several server hosting locations in different countries (mainly Germany and Russia),” creating “a chain of servers working as proxies and hiding the location of the true mothership command and control server.”
The campaign, says Kaspersky, did not target individual computers and servers alone. It also successfully breached smartphones, network equipment configuration, removable media, POP/IMAP servers and FTP servers.
Three different previously known exploits were used in the campaign, including vulnerabilities in Microsoft Word and Excel. Spear phishing was used at a high level, with most of the attacks tailored to specific systems or system users.
Although Kaspersky believes the malware modules were created by Russian speakers and the exploits by Chinese hackers, the company does not believe there is necessarily a national actor behind the campaign.
“Currently, there is no evidence linking this with a nation-state sponsored attack. The information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states. Such information could be traded in the underground and sold to the highest bidder, which can be, of course, anywhere.”
Kaspersky first detected the campaign in October 2012, as part of a job for a customer. The first part of its extensive report is available online now, with the second part, detailing more of the technical side of the attacks, available later this week.
Graphic from Kaspersky Labs
Curt Hopkins has over two decades of experience as a journalist, editorial strategist, and social media manager. His work has been published by Ars Technica, Reuters, Los Angeles Times, and San Francisco Chronicle. He is also the founding director of the Committee to Protect Bloggers, the first organization devoted to global free speech rights for bloggers.