Sophisticated cyberespionage operation focused on high-profile targets

Rocra malware programming code
By JOSEPH FITSANAKIS
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russia-based multinational computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”.

Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well as by executive organs belonging to the North Atlantic Treaty Organization. It is important to note that Kaspersky Lab said it found no evidence to suggest that a government is behind Rocra. However, the company’s report states that the choice of targets, coupled with some forensic evidence embedded in the malware’s code, points to the strong possibility that Rocra’s designers “have Russian-speaking origins”.
It is also worth pointing out that the number of infected computers appears small, especially when one considers the resources in time and effort that Rocra’s design must have required. This leads to the conclusion that the virus was selectively directed at a few carefully selected computers belonging to high-profile targets. Kaspersky Lab has also published a more technical report on Rocra, which is available here.

3 Responses to Sophisticated cyberespionage operation focused on high-profile targets

  1. Carl Clark says:

    It originates from the Chinese, so this should mean a war footing for the West, as they are looking at shutting down power grids and nuclear power stations.

  2. The next big war will be on the web, and a lot of computers are already infected. That’s like sleeper agents all over the world.

  3. Totally agree with you Robert, that is why there are so many nervous governments out there at the moment, waiting for the battles to commence. It will be an unknown outcome as well; whoever has the best hackers will have the best chance. I know for a fact that GCHQ and NSA have cracked every country’s coded encryption with a new algorithm-based program that the murdered MI6 cryptography expert Gareth Williams perfected; even Israel’s systems have now been compromised, so if there is a battle for information we are already leaders in the world ratings. But what is lurking and skimming data from within? The Chinese are leaders in that area; whether the GCHQ and NSA systems can identify that using the Williams program is another matter.

We welcome informed comments and corrections. Comments attacking or deriding the author(s), instead of addressing the content of articles, will NOT be approved for publication.
