The Red October Espionage Platform was the biggest spyware threat encountered in the last few months; however, reports about the threat appeared just a week ago. On January 16th, Kaspersky Lab (a Russian cyber security company) disclosed a major piece of malware that was targeting government facilities, diplomatic consulates, intelligence agencies, and even defense installations all over the world. The report by Kaspersky Lab suggested that the malware had already stolen terabytes' worth of sensitive information.
The first signs of the malware were reported in October, and it raised red flags everywhere; hence the name Red October. The malware was usually camouflaged as business transaction documents and infiltrated systems in the form of regular business correspondence. Furthermore, it started as a few kilobytes of code initially, and then grew within the system as additional modules were downloaded.
The number of affected computers is over 1,000, and the attacks date back as far as May 2007. The platform was extremely complex and was resilient against takedown attempts by cyber security companies. The command and control network used 60 Internet domain names to funnel information. Once the report was made public, most of those domains and servers started shutting down one by one. The design had layers upon layers of servers and domains.
While different internet security companies are speculating about different points of origin for the spyware, it has been completely shut down by the attackers. The full extent of the infected computers, and of the network used to funnel information to and from those computers, has not been discovered yet.
The design was so complicated that the attackers could replace the hidden executable file with different code; combine that with a complicated layer of networks, and the malware may very well be impossible to trace back to the attackers. It is also being speculated that the attacker was an organization with access to at least two dozen highly skilled programmers.
Although this is not the first time an espionage platform has attacked multiple government agencies all over the world, this can develop into something bigger as the story unfolds. It also raises some serious questions about internet security in high-profile government agencies.
While cyber security companies from all over the world are looking into the matter, it appears that the operation has been unplugged and might never be traced back to the attackers. Will the attackers get away with five years of global espionage? Let's wait and see.