Categories: Workspace

CeBIT 2013: Red October Had EU And German Crypto Codes – Kaspersky

The Red October cyber-espionage campaign had access to encryption keys which allowed it to read secret European and German documents. Kaspersky, the Russian security firm which first described the malware-based snooping operation in January, presented more details during a press conference at the CeBIT show in Hanover, Germany.

Red October operated for at least five years, attacking embassies and government bodies, stealing information from PCs and smartphones, by infecting devices with malware using flaws such as the recent Adobe weakness. Kaspersky said the outfit must have had Russian origins, or been created by Russian speakers, as there was evidence in the payload, of a command which translates the character encoding to the Russian Cyrillic alphabet.

Secrets Read By Red October

The campaign may have been more dangerous than was thought at first, because the culprits appear to have had access to the keys for major cryptography systems, used by the European Union, NATO and the German government, said Costin Raiu, head of research at Kaspersky Labs.

The attackers appeared to posses the keys allowing them to decode exchanges using the German Chiasmus government encryption program, as well as the Acid Cryptofiler, used by NATO and the EU, said Raiu.

The campaign was very sophisticated, with bespoke malware aimed at specific targets, showing the that culprits knew exactly what they wanted. The basic malware underlying the attacks was largely re-used from known code of Chinese origin, that was made public following attempts to spy on Tibetan activists.

The malware used flaws in Adobe, Microsoft Word and Microsoft Excel to attack its victims.

Despite its sophistication, it appeared to fall apart after it was exposed. The command and control systems of Red October were dismantled hours after it was exposed, Raiu told TechWeekEurope in January.

Red October is part of a series of apparently political cyber expionage campaigns which also includes the Flame and Gauss operations,  which also hit government bodies.

Reporting by Peter Marwan of ZDNet.de

What do you know about IT in Russia? Try our quiz, Tovarisch!

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago