Henry Dalziel | General Hacking Posts, Hacker Hotshots | January 16, 2013
Here it is: the first cyber-attack that we predicted in our Top Threats of 2013 post, which was based upon the McAfee report.
It is a massive cyber-attack that has potentially been stealing confidential information since as far back as 2007, and it was discovered by Russian security researchers.
The attack, or more precisely the malware, targeted government institutions including embassies, consulates, energy research centres and oil and gas organizations.
The cyber-attack and its malware have been labelled “Red October”, and you are likely to hear more about this threat over the next few weeks and months.
The attackers, or as some might call them, cyber-warriors, have been in operation since 2007 and created over 65 domain names to co-ordinate the attack, staged from Germany and Russia. The methodology was for the malware to specifically target “cryptofiler” files, a type of encryption used by security forces and government organizations. These files are constructed to have public keys set for the following file types and protocols: LDAP directory, Active Directory, HTTP, File Transfer Protocol and Computer File.
According to the report the majority of affected machines were in Switzerland, Kazakhstan and Greece.
This attack is unusual in the sense that it was not designed to cause destruction; rather, it was meant to operate in stealth, something it seems to have been very effective at. The main purpose of this attack was to steal sensitive data.