MOSCOW, Jan. 14, 2012 – India is among the nations hit by a cyber espionage campaign that has been targeting diplomatic, governmental and scientific research organizations for at least five years, according to a Russian cyber security firm.
Termed ‘Red October’, the campaign (named after the famous novel ‘The Hunt For The Red October’ by Tom Clancy) has significantly hit Russia, Kazakhstan, India, Azerbaijan and Belgium, among others, Kaspersky Lab said in a report today.
The cyber espionage campaign ‘Rocra’ (short for Red October) has infected hundreds of victims worldwide across eight categories — ‘Government, Diplomatic/embassies, Research institutions, Trade and commerce, Nuclear/energy research, Oil and gas companies, Aerospace and Military’.
“The earliest evidence indicates that the cyber-espionage campaign was active since 2007 and is still active at the time of writing (January 2013),” the firm said.
Based on Kaspersky Security Network (KSN) data, the list of countries that have seen the largest number of infections is topped by Russia at 35. It is followed by Kazakhstan (21), while India, Azerbaijan and Belgium witnessed 15 infections each.
Other nations impacted include Afghanistan (10), Armenia (10), Iran and Turkmenistan (7 each), Ukraine, Vietnam and the US (6 each), Pakistan (5) and Brazil (4).
Only countries that have seen more than five infections have been included in the list.
“It is quite possible there are other targeted sectors which haven’t been discovered yet or have been attacked in the past,” Kaspersky cautioned in the report.
It noted that at present there is no evidence of the campaign having links “with a nation-state sponsored attack”.
According to the report, the targets were mainly countries in Eastern Europe, former USSR Republics, and Central Asia.
“The main objective of the attackers was to gather sensitive documents from the compromised organizations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment,” Kaspersky said.
Regarding the perpetrators, the report said that currently there is no evidence of links “with a nation-state sponsored attack”.
It noted that the information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states.
“Such information could be traded in the underground and sold to the highest bidder, which can be of course, anywhere,” it added.
While the “exploits appear to have been created by Chinese hackers”, the Rocra malware modules have been created by Russian-speaking operatives, the report said.