'Red October' cyber-attack discovered by Russian researchers


A computer screen of Dirk Engling, spokesperson of the Chaos Computer Club, shows the file name (highlighted) of the Trojan spyware allegedly made by the German authorities in the CCC's offices in Berlin on October 12, 2011. The computer club and German hacker organization claims to have cracked spying software allegedly used by German authorities.


Odd Andersen

"Red October," a cyber-attack that has been targeting government institutions since 2007, has been discovered by Russian researchers.

Russian cyber-security firm Kaspersky and other cyber emergency response teams have been on a hunt to track down the malware, which has been attacking diplomatic, governmental and scientific research organizations through Eastern Europe, Central Asia, and even North America, according to CCL Online.

Thirty-five of the infected computers were found in Russia. Kazakhstan and Azerbaijan also had a fair number of attacks (21 and 15, respectively), and infected machines were also found in India, Iran, the US, Italy, and Greece, tech website ITProPortal reported.

Kaspersky Lab said that digital clues hinted that those behind "Red October" are Russian-speakers, but gave few details and refrained from naming specific organizations that were targeted, The New York Times reported.

"We initiated our checks and quite quickly understood that this is a massive cyber-attack campaign," senior researcher Vitaly Kamluk told BBC News. "There were a quite limited set of targets that were affected — they were carefully selected. They seem to be related to some high-profile organizations."

Kurt Baumgartner, a senior security researcher at Kaspersky, described the campaign as a “sophisticated and very patient multiyear effort” to extract confidential geopolitical information from various sources, according to the New York Times. 

The virus has been compared to Flame, another cyber attack that spied on Iranian computers, and includes a special module for recovering deleted files from USB sticks, which Kamluk said has never before been seen in a malware program.

It also hides on a computer if it is found, and is able to reactivate with a mere e-mail, according to BBC. 

The virus got its name from the Russian submarine featured in Tom Clancy's novel "The Hunt For Red October." 
