Red October (malware)
Red October was a cyberespionage malware program discovered in October 2012 and uncovered in January 2013 by Russian firm Kaspersky Lab. The malware was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices. The primary vectors used to install the malware were emails containing attached documents that exploited vulnerabilities in Microsoft Word and Excel.[1][2] Later, a webpage was found that exploited a known vulnerability in the Java browser plugin.[1][3] Red October was termed an advanced cyberespionage campaign intended to target diplomatic, governmental and scientific research organizations worldwide.
After the campaign was revealed, domain registrars and hosting companies shut down as many as 60 domains used by the malware's creators to receive information. The attackers themselves also shut down their end of the operation.
References
- McAllister, Neil (16 Jan 2013). "Surprised? Old Java exploit helped spread Red October spyware". The Register.
- "The 'Red October' Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies". Kaspersky Lab. 3 Mar 2014.
- Goodin, Dan (15 Jan 2013). "Red October relied on Java exploit to infect PCs". Ars Technica.