A cyber-espionage operation dubbed “Red October” — a powerful computer virus — is making headlines for its ability to gather classified information from institutions and governments. Russian security firm Kaspersky Labs discovered this virus in October 2012 and reported that this virus has been in the shadows for five years gathering top-secret intel. Now details of the virus are coming to light. Here’s what you need to know:
1. No One Knows Who’s Behind It
Red October looks to be made by a professional, but unlike other viruses it’s not state-funded. The virus has made it into the big leagues of malware programming yet no one knows where it came from or who created it. Kaspersky seems to think that the cyber-criminals who designed this may be based in Russia and are selling their findings on the black market. The codes and techniques seem to have Chinese origins, and have been used in targeting Tibetan activists and military in Asia.
2. The Virus Has Targeted More Than 60 Countries
The targets have been mostly in Eastern Europe and Central Asia, but other countries have been affected as well like the U.S., Ireland, Spain, Switzerland, Japan, Australia, and more. Kaspersky hasn’t given any specifics on the identities of the targets, but Wired Magazine noted that agencies and institutions involved are related to “nuclear and energy research and companies in the oil and gas and aerospace industries.”
3. It’s Been Active for Five Years
Kaspersky Labs has tracked the virus and discovered its operations have been online for five years. Information gathered from infected networks are later reused in future attacks. To control this vast network of machines, the attackers use more than 60 domain names and several server hosting locations in countries like Germany and Russia. By using this method, the attackers are able to hide their mothership command and control server.
4. NATO Was Affected By Red October
The virus has taken everything from .pdf files and Excel sheets to documents and programs with .acid extensions, which runs through an encryption program used by NATO and the French military. According to Gizmodo, Red October also happens to take information out of emails, hard drives, and even removable thumb drives taking out deleted files.
5. Red October Enters a Network Through Email
The Red October worm would attach itself in an email as an attachment like a Word doc or Excel file. Once the computer is infected, the data gets sent back to an unknown command server mothership, which assigns each victim’s computer with a 20-hex digit code to identify it. Enterprise networks like Cisco have also been hacked to steal account information and passwords through databases. Red October also helps hackers reinfect computers in case a malware is removed from antivirus scanners.
6. Even Mobile Devices Have Been Infected
The malware can also infect mobile devices like the iPhone, Windows Mobile, and Nokia. Once these phones get hooked up onto a computer, the virus takes in all the information that gets transferred into the computer. Information like contacts, call history, messages, and browsing history are copied. Even mobiles capable of reading emails get infected once the user opens them.
7. Over 1,000 Modules were Taken into Account
During the investigation, Kaspersky uncovered over 1,000 modules belonging in 30 categories. The chart above was created between 2007, with the most recent information added on January 8, 2013.
8. The Investigation So Far Found Six Domains of the Virus
The investigation has already uncovered six of over 60 domains uses by the various versions of the malware. Between November 2012 to January 2013, Kaspersky registered over 55,000 connections to the mothership. The company also found 250 IPs connecting to the main server. There are 39 countries so far that have been spotted as locations of the virus with the most activity coming from Switzerland.
9. Russia is the Most Infected Victim
With so many countries in high alert, the virus has already claimed its victims, mostly from Russia. So far only 35 infections have been reported in Russia, followed by Kazakhstan with 21, and Belgium getting 15.
10. The Investigation Hasn’t Stopped
According to their report on Monday, Kaspersky Lab teamed up with international organizations, law enforcement, and IT security companies to investigate the infamous virus. All these sources have provided their technical skills and resources for remediation and alleviation measures.