India and several other countries including Russia, Europe and Central Asia have woken up to a new cyber espionage attack.
The Operation Red October, called Rocra for short, a stealth cyber attack, primarily targets government, diplomatic, public research institutions, nuclear research, aerospace and oil and gas companies.
Rocra is still active as of January 2013, and has been a sustained campaign dating back as far as 2007.
While the Russian Federation tops the list with 38 attacks, Kazakhstan (21), Belgium (16), Azerbaijan (15) and India (14) occupy the subsequent slots.
“The main objective of the attackers was to gather sensitive documents from the compromised organisations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment,” said a cyber security analyst with the Moscow-based security solutions firm Kaspersky.
The attackers often used information that they stole from infected networks, as a way to gain entry into additional systems. For example, stolen credentials were compiled in a list and used when the attackers needed to guess passwords or phrases to gain access to additional systems.
“To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries, with the majority being in Germany and Russia. The chain of servers was actually working as proxies in order to hide the location of the ‘mothership’ control server,” he said.