Skip Links

Kaspersky Lab's "Red October" cyber-espionage saga leaves lots of questions unanswered

Is this Russian vs. Russian espionage? Is cyber-war a good marketing tool?

By , Network World
January 16, 2013 03:42 PM ET

Network World - Moscow-based anti-malware firm Kaspersky Lab says it's uncovered a years-long cyber-espionage campaign using phishing to target individuals in business, research and government offices mainly in Russia and Eastern Europe to steal sensitive data. This cyber-spy operation is also suspected to be run by Russian speakers. More about all of this is expected in the next day or so from Kaspersky Lab, which has lent an aura of drama to it all by calling the malware and its use "Red October."

RELATED: 12 must-watch security start-ups for 2012

MORE: 25 crazy and scary things the TSA has found on travelers

Americans would tend to connect the name "Red October" with the popular Cold War-based spy thriller "Hunt for Red October" written by Tom Clancy and the movie by the same name with actor Sean Connery as the USSR nuclear-submarine captain who violates orders to head toward the U.S. to defect. But for Russians, the name "Red October" evokes something far different: It was the day of Oct. 23, 1917 when a vote in favor of an armed uprising by Russia's Bolshevik socialist revolutionaries led to a fast coup that toppled the western-style democrat Russian Provisional Government formed after the overthrow of the czar, ushering in decades of Communist dictatorship.

Some looking at the information that Kaspersky has provided so far about "Red October" are wondering if it's mainly a Russian vs. Russian botnet operation that could involve some of Russia's moneyed industrialists in the oil and gas business, for instance, spying on the government, or vice versa. Or perhaps spying on each other by attaining information from a third-party operating a botnet compromising both computers and handheld mobile devices.

"It's a very interesting case study," says Sean Sullivan, security adviser at F-Secure, the anti-malware firm headquartered in Finland. The entire operation could well involve Russia's "competing oligarchs," a term often used to describe the business magnates and billionaires who rose to power in industries such as oil and gas after the official end of the Soviet Union. Their battles among themselves and the Russian government have spilled with vehemence into the public eye from time to time. Still, in the drama of Kaspersky's "Red October," the espionage might still have something to do with China, Sullivan says.

Kaspersky Lab, which so far has merely stated it appears the cyber-espionage is organized by Russian speakers, isn't saying more yet, though the firm is pushing out volumes of technical detail about the malware dubbed Rocra for short, claiming it all means that the Red October cyber-espionage rivals that of the Flame botnet cyber-espionage discovery Kaspersky made last year. So far, the security firm is describing the individuals as "high-profile" people associated with government agencies and embassies, nuclear and energy research organizations and companies in the oil, gas and aerospace industries. Most targets have been in Russia, Kazakhstan or Azerbaijan, according to what Kaspersky has said so far.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News