Kaspersky Lab's "Red October" cyber-espionage saga leaves lots of questions unanswered

Moscow-based anti-malware firm Kaspersky Lab says it has uncovered a years-long cyber-espionage campaign that used spear-phishing to target individuals in business, research and government offices, mainly in Russia and Eastern Europe, in order to steal sensitive data. The operation is also suspected of being run by Russian speakers. More detail is expected from Kaspersky Lab in the next day or so; the firm has lent an aura of drama to the affair by calling the malware and its use "Red October."


Americans would tend to connect the name "Red October" with the popular Cold War spy thriller "The Hunt for Red October," written by Tom Clancy, and the movie of the same name, in which Sean Connery plays the Soviet nuclear-submarine captain who violates orders and heads toward the U.S. to defect. But for Russians, the name "Red October" evokes something far different: Oct. 23, 1917 (by the Gregorian calendar), when a vote in favor of an armed uprising by Russia's Bolshevik socialist revolutionaries led to a swift coup that toppled the western-style democratic Russian Provisional Government formed after the overthrow of the czar, ushering in decades of Communist dictatorship.

Some looking at the information Kaspersky has provided so far about "Red October" are wondering whether it is mainly a Russian-versus-Russian botnet operation: some of Russia's moneyed industrialists in the oil and gas business, for instance, spying on the government, or vice versa. Or perhaps the parties are spying on each other by obtaining information from a third party that operates a botnet compromising both computers and handheld mobile devices.

"It's a very interesting case study," says Sean Sullivan, security adviser at F-Secure, the anti-malware firm headquartered in Finland. The entire operation could well involve Russia's "competing oligarchs," a term often used to describe the business magnates and billionaires who rose to power in industries such as oil and gas after the official end of the Soviet Union. Their battles among themselves and with the Russian government have spilled with vehemence into the public eye from time to time. Even so, in the drama of Kaspersky's "Red October," the espionage might have something to do with China, Sullivan says.

Kaspersky Lab, which so far has stated only that the cyber-espionage appears to be organized by Russian speakers, isn't saying more yet, though the firm is pushing out volumes of technical detail about the malware, dubbed Rocra for short, and claims that the Red October cyber-espionage rivals that of Flame, the cyber-espionage malware Kaspersky uncovered last year. So far, the security firm is describing the targeted individuals as "high-profile" people associated with government agencies and embassies, nuclear and energy research organizations, and companies in the oil, gas and aerospace industries. Most targets have been in Russia, Kazakhstan or Azerbaijan, according to what Kaspersky has said so far.

Sullivan says that, so far, the technical descriptions of Red October supplied by Kaspersky Lab do not make it look much different from any other botnet-controlled effort to compromise victim computers or mobile devices.

But as Kaspersky unwinds its tale of Red October (there was a blog item today about more technical aspects, with a full report expected out within the next few days), there is one aspect of it that should be no surprise. Like many other anti-malware firms that have garnered headlines from botnets they uncovered (McAfee, for instance, has done much the same in the past), Kaspersky benefits from the boost to its brand name in the public eye as the headlines appear. Kaspersky says its discovery came from someone who asked the security firm last October to look into a spear-phishing campaign.

At the end of January, at the Dream Downtown Hotel in New York City, Kaspersky Lab's founder Eugene Kaspersky is expected to participate in an event called "How Cyber-Warfare Impacts Corporate Security," which Howard Schmidt, former cyber-security coordinator for the Obama Administration, is also expected to attend. The event is also expected to include a Kaspersky endpoint product announcement, which only shows that cyber-war can be a good tie-in for marketing.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.

