Monday, January 14, 2013

Security & Hacking: Red October Malware

http://arstechnica.com/security/2013/01/red-october-computer-espionage-network-may-have-stolen-terabytes-of-data/

I tweeted about this earlier today. It is still way too early to have a solid grasp of the scope of this malware, IMVHO, but the Ars article does a good job of giving an initial idea of the size of this attack.

Lots of things about this malware are really impressive, but this part, from the Ars link at top, grabbed my attention:
One novel feature contained in Red October is a module that creates an extension for Adobe Reader and Microsoft Word on compromised machines. Once installed, the module provides attackers with a "foolproof" way to regain control of a compromised machine, should the main malware payload ever be removed.
"The document may be sent to the victim via e-mail," the researchers explained. "It will not have an exploit code and will safely pass all security checks. However, like with exploit case, the document will be instantly processed by the module and the module will start a malicious application attached to the document."
This is one of the tidbits that make me think this is state sponsored; most criminals are opportunistic, in other words they tend to attack easy targets.

There are exceptions: certain types of terrorist and/or ideological attacks may choose well-defended targets because, for example, they are not motivated by economic profit.

The amount of effort this shows, for re-exploiting a targeted system after Computer Security removed the original exploit, has the definite mark of military intelligence to me.
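The re-entry point the researchers describe above is whatever Word and Adobe Reader will load as an extension, so the practical defender question is: which extensions are actually installed on this host, and do I recognise all of them? The PowerShell below is an added example, not code from the Ars or Kaspersky write-ups, that inventories Word COM add-ins, the Word startup folder and Adobe Reader plug-in files together with their SHA-256 hashes and Authenticode status, so the result can be diffed against an export from a clean build. The registry keys and folders marked ASSUMED are the standard locations for recent Office and Reader releases but vary by version and install path; Get-FileHash needs PowerShell 4 or newer.

```powershell
# Added example, not code from the Ars or Kaspersky write-ups. It inventories the
# extension points that the quoted module abuses (Word add-ins and Adobe Reader
# plug-ins) so the output can be diffed against a known-good baseline.
# Locations marked ASSUMED differ by Office/Reader version and install path.

function Get-FileFacts {
    param([string]$Path)
    # Hash and signature state are what you compare against a baseline; an
    # unsigned or unknown-hash DLL/plug-in in these locations deserves a look.
    if (-not $Path -or -not (Test-Path $Path)) { return 'file missing or path unresolved' }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash   # PowerShell 4+
    return "sha256=$hash signature=$($sig.Status) signer=$($sig.SignerCertificate.Subject)"
}

function Get-DocumentHostExtensions {
    $results = @()

    # 1. Word COM add-ins: per-user, per-machine, and the 32-bit view on 64-bit Windows.
    $addinKeys = @(
        'HKCU:\Software\Microsoft\Office\Word\Addins',
        'HKLM:\Software\Microsoft\Office\Word\Addins',
        'HKLM:\Software\WOW6432Node\Microsoft\Office\Word\Addins'
    )
    foreach ($key in $addinKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($addin in Get-ChildItem $key) {
            $progId = $addin.PSChildName
            $props  = Get-ItemProperty $addin.PSPath
            # Resolve ProgID -> CLSID -> InprocServer32 to find the DLL Word actually loads.
            $clsid = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\$progId\CLSID" -ErrorAction SilentlyContinue).'(default)'
            $dll   = $null
            if ($clsid) {
                $dll = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            }
            $results += [pscustomobject]@{
                Kind     = 'Word COM add-in'
                Name     = $progId
                Location = $key
                Path     = $dll
                # LoadBehavior 3 means "load at startup", i.e. on every Word launch.
                Detail   = "LoadBehavior=$($props.LoadBehavior); $(Get-FileFacts $dll)"
            }
        }
    }

    # 2. Word startup folder: templates and WLL add-ins here run whenever Word opens.
    $startup = Join-Path $env:APPDATA 'Microsoft\Word\STARTUP'   # ASSUMED default location
    if (Test-Path $startup) {
        foreach ($f in Get-ChildItem $startup -File) {
            $results += [pscustomobject]@{
                Kind = 'Word startup item'; Name = $f.Name; Location = $startup
                Path = $f.FullName; Detail = Get-FileFacts $f.FullName
            }
        }
    }

    # 3. Adobe Reader plug-ins (.api files). ASSUMED install roots; the product
    #    directory name differs per release, hence the wildcard.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($root in $roots) {
        $glob = Join-Path $root 'Adobe\*\Reader\plug_ins\*.api'
        foreach ($f in Get-ChildItem $glob -ErrorAction SilentlyContinue) {
            $results += [pscustomobject]@{
                Kind = 'Adobe Reader plug-in'; Name = $f.Name; Location = $f.DirectoryName
                Path = $f.FullName; Detail = Get-FileFacts $f.FullName
            }
        }
    }
    return $results
}

# Usage: print the inventory, then compare it with an export taken from a clean build.
$inventory = Get-DocumentHostExtensions
$inventory | Format-Table Kind, Name, Path, Detail -AutoSize
# e.g.  $inventory | Export-Csv "extensions-$(hostname).csv" -NoTypeInformation
```

The value of the script is the diff, not the single run: export the CSV from a freshly built machine once, then any add-in, startup template or .api file that appears later, is unsigned, or whose hash changes is a candidate for closer inspection, which is exactly the kind of foothold the quoted module relies on surviving.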

I suggest reading the Ars article linked at top.

The comments on the Ars article are well worth reading for people wanting to learn more; you can find good insights and resources in the comments section whether you're new to computer security or an expert yourself.

You do have to screen out the noise to find the signals of course.


The original article from Kaspersky is https://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies

[Edited to add this from the link immediately above: Rocra (short for "Red October") is the shorthand name they are using for this malware, which might be useful for additional Google searches.]

I will certainly be blogging more about Red October.

I have created a new Label, Red October Malware; you can bookmark that if you want an easy way to check for updates.

I will be adding that Label to the selected labels at the left side of the blog.

Labels can be found at the bottom left of every blog post, and here is a suggested list of Labels for people interested in Security & Hacking:
I am still looking for ways to improve searches on my blog; so far the best I have found, if a Label doesn't work for you, is simply using Google with Cliff's Esport Corner in the search box, plus the topic you're interested in, like Red October.

I have tested Google's gadget for Blogger, but it wasn't as useful as regular Google for finding material on my blog the last time I tested it.