
Peter Gudella via Shutterstock
Red October

Security company discovers online attack to steal EU and NATO files

Kaspersky says the ‘Red October’ virus has been targeting embassies across Europe – including in Ireland.

AT LEAST ONE foreign embassy based in Ireland has been targeted as part of a newly-discovered major international cyber attack appearing to target EU and NATO institutions.

The ‘Red October’ attack targeted government and military agencies in several European countries, and in particular looked to make copies of files associated with a classification program used by EU institutions.

Security firm Kaspersky Lab, which identified the attack, said it was perpetrated by sending Microsoft Word, Microsoft Excel and probably PDF files – each of which carried a ‘trojan’ program – to recipients.

Once the trojan had been deployed to the recipient’s computer, it would then search for a list of appropriate files and send copies back to an unspecified source.

Kaspersky Lab said its research – which involved setting up its own server to act as an intermediary for traffic – indicated that an embassy based in Ireland was among the victims of the sophisticated attack, which appears to have run for several years.

Though the motives of the attack are unknown, it is suspected that the EU or NATO are the most likely victims – Belgium, which houses the headquarters of both, ranked third behind only Russia and Kazakhstan in the chart of countries with the most victims.

Most of the websites set up to receive files sent by the illicit programs were registered by users with email addresses of Russian origin, though this does not necessarily indicate that the attack itself originates from Russia.

Analysis of the code indicated the involvement of native Chinese and Russian speakers.

It is difficult to ascertain the true source of the attack because the three main computers behind it – based in Russia, Germany and Austria – each appeared to be acting only as a ‘proxy’ for another server operating at an unknown location. However, Kaspersky believes the attack has been running for about five years.

Kaspersky said Red October also infected smartphones and collected login information to test on other systems.

Unusually, Kaspersky said the attack had a unique “resurrection” module which allowed the attackers to regain access, even if the virus was discovered and removed.

In addition to diplomatic and governmental agencies of various countries across the world, Red October also targeted research institutions, energy and nuclear groups, and trade and aerospace targets, added Kaspersky Lab.

Founded in 1997, Kaspersky Lab employs more than 2,300 specialists and is a leading IT security and anti-virus software company.

Additional reporting by AFP
