Operation Red October: the astonishing hacking ring that shook the world


A high-level cyber-espionage campaign has successfully compromised many leading institutions across a large number of countries, including embassies, oil and gas institutes and nuclear stations. Kaspersky Lab's researchers have spent several months analyzing the malware behind it.

The ring targets specific organizations, mostly in Eastern Europe, former USSR member states and the countries of Central Asia, but also in Western Europe and North America. The attackers' main objective was to gather sensitive documents from the compromised organizations, including geopolitical intelligence, credentials for access to classified computer systems, and data from personal mobile devices and network equipment.

In addition to diplomatic and governmental agencies of various countries across the world, Red October also targeted research institutions, energy and nuclear groups, and trade and aerospace organizations. The malware is even claimed to have infiltrated the smartphones of government workers, including iPhones, Windows Mobile and Nokia handsets, to steal information electronically.

The attack begins by delivering malware to the target system inside a malicious document; the malware also went after files encrypted with software used by several entities, from the European Union to NATO. As soon as the victim opens the malicious document on a vulnerable system, the embedded malicious code installs the main Red October component on the machine. This component handles all further communication with the command servers run by the attackers, and it persists across reboots of the computer. The infected system then receives a number of additional spy modules from the attackers' servers.

It is estimated that over 7 terabytes (7,000 GB) of data has been stolen since the initial attack five years ago.

The information the researchers have extracted did not appear to point towards any specific location. However, two important factors stand out:

  • The exploits appear to have been created by Chinese hackers.
  • The Rocra malware modules appear to have been created by Russian-speaking operatives, since a few Russian words occur in them, such as ‘Proga’, which is commonly used among Russian programmers.

“It could be any organization or country behind this; it could be nation states or a private business or criminal group,” said Vitaly Kamluk, Chief Malware Expert at Kaspersky Lab.

Red October is named after the Russian submarine featured in the Tom Clancy novel The Hunt for Red October.