Close Protection Domain

Sophisticated cyberespionage operation focused on high-profile targets


Post by Ted-Pencry on 17/1/2013, 08:53



After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups.

The existence of the malware was publicly announced by Russian-based multi-national computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian.

The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years.

During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”.

Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies.

Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well as by executive organs belonging to the North Atlantic Treaty Organization.

It is important to note that Kaspersky Lab said it found no evidence to suggest that a government is behind Rocra. However, the company’s report states that the choice of targets, coupled with some forensic evidence embedded in the malware’s code, points to the strong possibility that Rocra’s designers “have Russian-speaking origins”.

It is also worth pointing out that the number of infected computers appears small, especially when one considers the resources in time and effort that Rocra’s design must have required. This leads to the conclusion that the virus was selectively directed at a few carefully selected computers belonging to high-profile targets.

_________________
Close Protection Domain
Contact: info@cp-domain.com


Ted-Pencry
CPD Founder & Administrator

Posts : 1977
Join date : 2012-08-23
Location : London

https://www.linkedin.com/pub/ted-pancri/5a/170/7a4
