An extensive espionage-oriented hacking operation, dubbed “Red October,” has over the last five years targeted computers and mobile devices in 69 countries, including at least one victim in Israel, and still remains active, according to a Monday report from the Moscow anti-virus firm Kaspersky Lab.
The operation uses a variety of methods, including a phishing attack disguised as an offer of a diplomatic car for sale, to target “diplomatic, governmental and scientific research organizations, gathering data and intelligence from mobile devices, computer systems and network equipment,” according to the report.
Though the virus seemed centered on countries in the former Soviet Union and Central Asia, Israel and some neighboring countries were also affected.
“All we can say now about the infection in Israel is that the victim is a diplomatic institution/embassy,” Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, told The Times of Israel. “We are open to working with certain entities in Israel to identify the infection.”
Hundreds of “high-profile” targets around the world have been affected by the bug, which Kaspersky said was less complex than the superbug Flame discovered by the lab that targeted Iranian computers last year. However, the firm said some of the virus’s code rivaled Flame in complexity.
Raiu said that “diplomats and embassies appear to be the preferred choice for the attacks” and added that it was likely that there were many more victims, since the virus has been active since May 2007 and the current known list of infected computers covers only the last three months.
“This is the reality of the times we are living in,” Raiu said. “It is quite common for us to discover that a monster operation has been going on for years. The hackers are getting more and more sophisticated… detection becomes extremely difficult.”
“Red October,” so named because the virus was discovered in October, is designed to steal documents, files, browser history, keystroke records and other information from infected computers, including spreadsheets and files encrypted by a specific program used by EU and NATO governments. It will also steal information from USB sticks and mobile phones plugged into an infected computer.
The virus is suspected by Kaspersky to have been created by independent Russian-speaking hackers, working with protocols originally developed in China.