by Dennis Fisher December 10, 2014
EXCERPT
“In August 2014, some of our users observed targeted attacks with a variation of CVE-2012-0158 and an unusual set of malware. We did a quick analysis of the malware and it immediately stood out because of certain unusual things that are not very common in the APT world,” researchers at Kaspersky said in an analysis of the attack.
“At least one of them immediately reminded us of RedOctober, which used a very similarly named spearphish: 'Diplomatic Car for Sale.doc'. As we started digging into the operation, more details emerged which supported this theory. Perhaps the most unusual fact was that the Microsoft Office exploit didn’t directly write a Windows PE backdoor on disk. Instead, it writes an encrypted Visual Basic Script and runs it.”
Both Red October and CloudAtlas have targeted the same victims. Not just the same organizations, but some of the same machines. In one case, a machine was attacked only twice in the last two years, once by Red October and once by CloudAtlas. Both campaigns also hit victims in the same countries: Russia, Belarus, Kazakhstan and India. The two campaigns also use similar malware tools.
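The detail worth acting on in the quoted analysis is the delivery chain: the Office exploit does not drop a PE backdoor, it writes a VBScript to disk and runs it. That first stage is visible in process-creation telemetry as an Office application becoming the parent of a Windows script host. The rule below is an added example, not code from Threatpost or Kaspersky and not a description of how CloudAtlas itself launches the script; it assumes the script is executed through wscript.exe or cscript.exe (an assumption, since the article does not say), and the three pipe-delimited, Sysmon-like events it scans are constructed for the example.

```python
"""Flag an Office process handing a dropped script to a Windows script host.

Added example (not from the original article or from Kaspersky). The event
format is a constructed, Sysmon-style process-creation record:
    ParentImage=<path>|Image=<path>|CommandLine=<full command line>
The assumption that the dropped VBScript is run via wscript.exe/cscript.exe
is ours; the article only says the exploit "writes an encrypted Visual
Basic Script and runs it".
"""
import shlex
from dataclasses import dataclass

# Office applications that commonly carry document exploits such as CVE-2012-0158.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Windows script hosts (assumed launch vector for the dropped .vbs).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Script file types a script host will execute; .vbs is the one the article names.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf")


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows (or mixed-separator) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def script_arguments(command_line: str) -> list:
    """Return every quoted or bare argument that names a script file.

    posix=False keeps Windows backslashes literal and keeps quotes attached
    to their token, so a quoted path with spaces survives as one argument.
    """
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quote in the logged command line
        tokens = command_line.split()
    args = [t.strip('"') for t in tokens[1:]]
    return [a for a in args if a.lower().endswith(SCRIPT_EXTENSIONS)]


def is_office_script_handoff(event: ProcessEvent) -> bool:
    """True when an Office app spawns a script host that is given a script file."""
    return (
        _basename(event.parent_image) in OFFICE_PARENTS
        and _basename(event.image) in SCRIPT_HOSTS
        and bool(script_arguments(event.command_line))
    )


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'Key=Value|Key=Value' process-creation record."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return ProcessEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])


def find_handoffs(lines) -> list:
    """Return the ProcessEvents that match the Office -> script host pattern."""
    return [ev for ev in map(parse_event, lines) if is_office_script_handoff(ev)]


# Constructed sample telemetry (not real logs):
SAMPLE_EVENTS = [
    # Benign: Word launching its 32-bit print helper.
    r"ParentImage=C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
    r"|Image=C:\Windows\splwow64.exe|CommandLine=C:\Windows\splwow64.exe 12288",
    # Benign for this rule: a logon script started from Explorer, not from Office.
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\wscript.exe"
    r'|CommandLine="C:\Windows\System32\wscript.exe" "C:\Scripts\logon.vbs"',
    # Suspicious: Word spawning wscript.exe on a .vbs dropped under %TEMP%.
    r"ParentImage=C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
    r"|Image=C:\Windows\System32\wscript.exe"
    r'|CommandLine="C:\Windows\System32\wscript.exe" //B '
    r'"C:\Users\analyst\AppData\Local\Temp\car.vbs"',
]

if __name__ == "__main__":
    for hit in find_handoffs(SAMPLE_EVENTS):
        print("ALERT office->script host:", _basename(hit.parent_image),
              "->", _basename(hit.image), script_arguments(hit.command_line))
```

Only the third constructed event fires; the Explorer-launched logon script and Word's print helper do not. The parent/child match is deliberately independent of the script's contents, because the article says the dropped VBScript is encrypted, so a content signature on the file itself is the weaker control.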
by Pierluigi Paganini on December 11th, 2014
Kaspersky Lab suspects that the threat actor behind a new campaign dubbed CloudAtlas is the same one that ran Operation Red October two years ago.
Red October is the name of a cyber-espionage campaign discovered by security experts at Kaspersky Lab in late 2012 and disclosed in January 2013. The threat actors behind Red October stole sensitive information from diplomatic, governmental and scientific research organizations in several countries, most of them in Eastern Europe, the former Soviet republics and Central Asia. The campaign targeted computers in the following industries:
- Government
- Diplomatic / embassies
- Research institutions
- Trade and commerce
- Nuclear / energy research
- Oil and gas companies
- Aerospace
- Military