Security company discovers online attack to steal EU and NATO files

Kaspersky says the ‘Red October’ virus has been targeting embassies across Europe – including in Ireland.

Image: Peter Gudella via Shutterstock

AT LEAST ONE foreign embassy based in Ireland has been targeted as part of a newly-discovered major international cyber attack appearing to target EU and NATO institutions.

The ‘Red October’ attack targeted government and military agencies in several European countries, and in particular looked to make copies of files associated with a classification program used by EU institutions.

Security firm Kaspersky Lab, which identified the attack, said it was perpetrated by sending Microsoft Word, Microsoft Excel and probably PDF files – each of which carried a ‘trojan’ program – to recipients.

Once the trojan had been deployed to the recipient’s computer, it would then search for a list of appropriate files and send copies back to an unspecified source.

Kaspersky Lab said its research – which involved setting up its own server to act as an intermediary for traffic – indicated that an embassy based in Ireland was among the victims of the sophisticated attack, which appears to have run for several years.

Though the motives of the attack are unknown, it is suspected that the EU or NATO are the most likely victims – Belgium, which houses the headquarters of both, ranked third behind only Russia and Kazakhstan in the chart of countries with the most victims.

Most of the websites set up to receive files sent by the illicit programs were registered by users with email addresses of Russian origin, though this does not necessarily indicate that the attack itself originates from Russia.

Analysis of the code indicated the involvement of native Chinese and Russian speakers.

It is difficult to ascertain the true source of the attack because the three main computers behind it – based in Russia, Germany and Austria – each appeared to be acting only as a ‘proxy’ for another server operating at an unknown location. However, Kaspersky believes the attack has been running for about five years.

Kaspersky said Red October also infected smartphones and collected login information to test on other systems.

Unusually, Kaspersky said the attack had a unique “resurrection” module which allowed the attackers to regain access, even if the virus was discovered and removed.

In addition to diplomatic and governmental agencies of various countries across the world, Red October also targeted research institutions, energy and nuclear groups, and trade and aerospace targets, added Kaspersky Lab.

Founded in 1997, Kaspersky Lab employs more than 2,300 specialists and is a leading IT security and anti-virus software company.

Additional reporting by AFP

About the author:

Gavan Reilly
