India and many other countries across the world have fallen victim to an unprecedented cyber espionage attack — uncovered, but not yet neutralised by Russia’s leading internet security company.
Unidentified criminals have been siphoning off secret data from hundreds of computer systems used by government agencies, nuclear, aerospace and military institutions and private companies, in dozens of countries for the past five years, said the Kaspersky Lab in a report released in Moscow.
While Russia tops the list of countries with 38 detected infections, India ranks fifth with 14 infections, after Kazakhstan (21), Azerbaijan (15) and Belgium (15). The United States is also on the list with six attacks.
Termed ‘Red October’ or Rocra for short, the cyber spying campaign was launched in 2007 and is still active, the report warned.
“It is quite possible there are other targeted sectors which haven’t been discovered yet,” Kaspersky cautioned. Kaspersky Lab detected the attack in November 2012 thanks to its security network. “What makes this campaign different is that it uses the most sophisticated and elaborate modular structure yet, with an unprecedented number of spy codes,” said Vitaly Kamlyuk of the Kaspersky Lab.
The expert believes the attack could have Russian roots, while the bulk of servers the spy network uses are in Germany and Russia. The majority of servers were used as proxies, in order to hide the command server at the core of the operation.
The Rocra malware, called Backdoor.Win32.Sputnik, has been stealing data from computer workstations, removable disk drives and smartphones, including iPhones, Nokia handsets and phones running Windows Mobile.
It is capable of regaining control of computers cured of the malware and has even stolen documents encrypted with the classified software ‘Acid Cryptofiler’, used by NATO and the European Union since 2011.
Experts said they did not know whether the attack was state-sponsored or mounted by a criminal group seeking to sell confidential information to the highest bidder.
The Kaspersky Lab said it is continuing its investigation in collaboration with international law enforcement agencies and national Computer Emergency Response Teams (CERTs).