Thread: The Hunt for Red October

  1. #1
    Join Date
    Aug 2005
    Beans
    6,024

    The Hunt for Red October

    http://gizmodo.com/5975793/meet-red-...in-the-shadows

    Meet Red October: The Global Cyber-Espionage Ring That Spent 5 Years in the Shadows

    Eric Limer

    There are plenty of cyberweapons floating around out there, like Stuxnet, Flame, and that whole gang. Now, Kaspersky has turned up a cyber-espionage operation it's dubbed "Red October," and it's up there in the big leagues. But unlike its cohorts, it doesn't look state-sponsored. This is a freelance job, and it's professional grade.

    While Red October has only recently been discovered, it's been working behind the scenes for a long time. According to its domain names and various details dug up from the executable code, it's been doing its thing since 2007, if not earlier. And what is its thing? Harvesting loads of classified information from high-profile targets across the globe—including the United States, but mostly in Eastern Europe and Central Asia. And it's got quite the stash.

    Red October has been infecting targets through vulnerabilities in MS Word and MS Excel. Once there's a foothold, the infected devices call back to command servers for customized packages of malware signed with victim-specific 20 digit codes. From there, it collects data straight from government institutions, embassies, research firms, military installations, and energy providers, nuclear and otherwise. Over the past half-decade, Red October has been able to dive deeper and deeper into classified intel by using its ever-growing store of pilfered credentials, logins, and other handy tidbits to intelligently guess its way through security.

    Part of the reason it's especially dangerous is that it's not confined to infecting, stealing from, and keylogging workstations. The malware also has the capability to get into mobile phones (iOS, Windows Mobile, and Nokia) connected to infected machines and snag a copy of their contacts, calls, messages, and browsing history. It can also scrub enterprise network equipment and removable disk drives, copy entire email databases from Outlook storage and POP/IMAP servers, and it can even take deleted files off USB sticks using its own recovery mechanism. Red October doesn't mess around.

    What it can get is one question, but who it's run by is a very different one. According to Kaspersky the exploits are probably Chinese in origin, and Russian slang in some of the code implies the operators speak Russian. Or they're running an in-depth long-con to make people think they do. Most of the command & control servers and domains that can be found are located in and around Germany and Russia, but an intense chain of proxies is still effectively masking the operation's real home base. And while it rivals state-sponsored projects in size and complexity, it's never been known to tangle with or team up with them in any way. Red October is a solitary hoarder, sitting in some cyber-shack alone, surrounded by heaps of top secret info.

    Likewise, it's still up for grabs what all this espionage is for. There's no evidence to suggest this is a state-sponsored affair, and it seems to be just trucking along, collecting as much classified information as possible just to have it around. Infections are most prominent in Russia (35 infections) but Afghanistan (10), Iran (7), the United States (6), and even Switzerland (5) are on the map as well. But there's no telling what's been done with any info. It could be being sold, acted on in some covert way, or just stockpiled for the right moment for...something.

    It's hard not to imagine a man sitting behind a large desk, his face obscured by shadow, tapping his fingers and chuckling to himself sinisterly, watching his own private store of the world's confidential information grow before his very eyes as he ponders what to do with it all. And that might not be too far off from the truth. This isn't just a game for nation-states to play; it looks like there's a free agent in the mix, and he/she/they/it is every bit as competent as the big names. [Kaspersky]

  2. #2
    Join Date
    Dec 2010
    Beans
    Hidden!

    Re: The Hunt for Red October

    404

  3. #3
    Join Date
    Sep 2005
    Location
    Rural Nevada, USA
    Beans
    314
    Distro
    Ubuntu 17.04 Zesty Zapus

    Re: The Hunt for Red October

    Well, you can't blame Bradley Manning for THAT one!

  4. #4
    Join Date
    Jun 2005
    Beans
    338
    Distro
    Kubuntu 12.10 Quantal Quetzal

    Re: The Hunt for Red October

    This is hard to discuss without getting political, but this is halfway straight out of something like Ghost in the Shell.

  5. #5
    Join Date
    Nov 2009
    Beans
    Hidden!
    Distro
    Kubuntu 20.04 Focal Fossa

    Re: The Hunt for Red October

    It would be fun though if all was published on WikiLeaks or some similar site.

  6. #6
    Join Date
    Sep 2012
    Beans
    88
    Distro
    Kubuntu 15.10 Wily Werewolf

    Re: The Hunt for Red October

    I don't buy the explanation that this is the work of one man. Something as sophisticated as that has to have many people working on it.

    I would guess China or Russia.

  7. #7
    Join Date
    Aug 2005
    Beans
    6,024

    Re: The Hunt for Red October

    Quote Originally Posted by pompel9 View Post
    I don't buy the explanation that this is the work of one man. Something as sophisticated as that has to have many people working on it.

    I would guess China or Russia.

    It could be any country.

  8. #8
    Join Date
    Jun 2005
    Location
    Toronto, Canada
    Beans
    Hidden!
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: The Hunt for Red October

    Just finished reading Threat Vector by Tom Clancy. Without giving away too much about the novel, it includes an organization very similar to Red October, including "...a man sitting behind a large desk, his face obscured by shadow..."

  9. #9
    Join Date
    Jun 2005
    Beans
    338
    Distro
    Kubuntu 12.10 Quantal Quetzal

    Re: The Hunt for Red October

    Quote Originally Posted by pompel9 View Post
    I don't buy the explanation that this is the work of one man. Something as sophisticated as that has to have many people working on it.

    I would guess China or Russia.

    There were a lot of attacks in Russia, so unlikely to be them, I wager.

  10. #10
    Join Date
    Jul 2012
    Location
    /tropics/islands/statia
    Beans
    275
    Distro
    Kubuntu 12.04 Precise Pangolin

    Re: The Hunt for Red October

    Quote Originally Posted by weasel fierce View Post
    There were a lot of attacks in Russia, so unlikely to be them, I wager.

    That's what they want you to think...
