
Digital fingerprints on Red October spyware point to Russia ... or do they?

Western experts who have reviewed a Russia-based report on Red October are divided over whodunnit, cyberspies in Russia or some other perpetrator. The Red October cyberspy campaign, uncovered this week, has one of the broadest geographic spreads ever identified.


This map identifies the countries where Red October infections are present.

Kaspersky Lab


In one of the largest cyberespionage networks ever uncovered, cyberspies operating through a global web of computer servers have over five years siphoned libraries' worth of diplomatic and proprietary data, sensitive documents, e-mails, and passwords from hundreds of government and industry sites worldwide.

Dubbed Red October, the cyberspy campaign began in 2007, targeting networks inside embassies and research institutes, trade and commerce offices, and energy, aerospace, and defense firms in more than 20 countries. Most targets were in Eastern Europe, but some were in North America and Western Europe, according to Kaspersky, the Moscow-based cybersecurity firm that unveiled Red October this week.

Besides vacuuming up data and stealing electronic files, the Red October spyware is a utility-knife-style malware that can also infiltrate smartphones, networking equipment, and removable hard drives. After stealing data, it then wipes away any trace it has ever been on those devices.


Even so, tidbits found inside the malicious software code led Kaspersky researchers to reach a startling conclusion: The cyberspies, whoever they are, have a strong connection with their motherland.

