A cyber-espionage campaign has breached computer networks at diplomatic, government and scientific research organisations for at least five years. However, there are currently no clues as to who is responsible, nor is there evidence to suggest the activities are sponsored by any state. That's according to online security company Kaspersky Labs, which has uncovered the campaign.
'Red October' has malicious software which actively sends data to "multiple command-and-control servers," says Kaspersky. Command-and-control servers are datacentres that can remotely manage computers that run malware. The company says that its configuration rivals last year's Flame virus.
Besides its focus on geopolitical targets such as government agencies, embassies, nuclear research centres and defence establishments, another distinctive characteristic is that it can resurrect an infection by embedding a plug-in inside software such as Adobe Reader or Microsoft Office, which continues to give the attackers access even if the malware is removed or a patch is installed. Mobile devices such as Windows Phones, iPhones, Nokia phones and the corresponding tablets are also at risk.
Kaspersky observed tens of thousands of malicious communications coming from hundreds of domains. There are undoubtedly thousands more. The company observed that the exploits appear to have been created by Chinese hackers and that the malware modules have been created by Russian-speaking operatives, though they are not necessarily Russian hackers.
Most targets have been in Eastern Europe, but attacks in North America and Western European countries including Switzerland and Luxembourg have also taken place since 2007.