April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Cyber spy that targets governments is uncovered

"Rocra" victims

A long-running Cyber espionage malware campaign aimed at governments in Eastern Europe, Russia, and central Asia has infiltrated computer systems, mobile devices and network equipment in the regions, according to cyber security provider Kaspersky.

In a report issued on Jan. 14, Kaspersky Labs said its researchers found malware that targeted diplomatic, governmental and scientific research organizations, and gathered data and intelligence from a number of sources.

Kaspersky said its researchers spent several months analyzing the malware, which it also found present in Western Europe and North America.

The malware campaign, which Kaspersky dubbed "Rocra", short for "Red October," is still active with data being sent to multiple command-and-control servers, said the company.

The malware, it said, operates through a complex configuration rivaling the infrastructure of the Flame malware. Registration data used for the purchase of  domain names and timestamps, said the company, suggest the attacks date as far back as May 2007.

The attackers have focused on diplomatic and governmental agencies of various countries across the world and information harvested from infected networks is reused in later attacks, according to the company. Stolen credentials were compiled in a list and used when the attackers needed to guess passwords and network credentials in other locations, it said. To control the network of infected machines, Kaspersky analysts said the attackers created more than 60 domain names and several server hosting locations primarily in Germany and Russia. The control infrastructure is a chain of servers working as proxies and hiding the location of the true -mothership- command and control server, they said.

The attackers created a multi-functional framework capable of applying quick extension of the features that gather intelligence. The system is resistant to server takeover and allows the attacker to recover access to infected machines using alternative communication channels, they said.

Beside traditional attack targets on computer workstations, according to analysts, the system can steal data from mobile devices, like iPhone, Nokia, Windows Mobile smartphones; dump enterprise network equipment configuration; hijack files from removable disk drives (including already deleted files via a custom file recovery procedure); steal e-mail databases from local Outlook storage or remote POP/IMAP server; and siphoning files from local network FTP servers.

Exploits from the documents used in spear phishing, created by other attackers, were used during different cyber attacks against Tibetan activists as well as military and energy sector targets in Asia, according to the company. The only thing that was changed was an executable embedded in the document; the attackers replaced it with their own code.

Kaspersky uncovered a Duqu/Stuxnet-like malware operating in the middle east in August.

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...