
Red October malware updated, targets diplomats, military, executives
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Dec 11, 2014, 11:40 PM
Beginning in Russia and spreading quickly to other countries, a new variation on the formerly-dormant Red October malware has been detected by security firms such as Blue Coat and Kaspersky this week. The new version -- which is notably targeting smartphones of diplomats, military leaders and business executives -- contains a level of sophistication in the function and code that suggests a rogue state, which would have the resources to assemble the talent, is backing the attack.

As a reference to the many layers of the malware, and as a variation on the book/movie title given to the previous incarnation, Blue Coat has dubbed the new malware "Inception," while Kaspersky has opted for the name "Cloud Atlas." The way it works is that phishing emails are sent out to key individuals in industry, finance, military, and other sensitive circles with an attachment that exploits vulnerabilities in Rich Text Format (RTF) announced by Microsoft in March. The attack does not work on non-jailbroken iOS devices, but could conceivably penetrate jailbroken iPhones and iPads. An iOS version of the malware has been seen on the command-and-control servers, and Windows machines and Macs running outdated versions of Microsoft Office could also be at risk.

Utilizing a large network of compromised routers in South Korea, the malware uploads encrypted information (including recorded calls saved as MP3s) to a free Swedish remote storage service, CloudMe, which uses the WebDAV protocol. Blue Coat has noted that they didn't believe CloudMe is an actual part of the organization behind the attack, but that the company's free service is simply being utilized by the actual hackers. That avenue will likely be dismantled shortly if it hasn't already been closed off.

In its announcement on Wednesday, Kaspersky compared and contrasted this cyber-espionage campaign with the original. Similarities and differences are discussed, such as the tactic used to get diplomats to open the infected text file: an offer about a diplomatic car for sale at a good price. The post also discusses how the malware works on BlackBerry devices.

When Kaspersky published their findings on Red October back in 2013, the effort was shut down and the C&C network dismantled, presumably by those who were running it. Due to the similarities in style, and the lining up of similar targets, experts at Kaspersky believe the new malware represents efforts by the same group behind "Red October."
( Last edited by NewsPoster; Dec 11, 2014 at 11:40 PM. )
smacker
Fresh-Faced Recruit
Join Date: Apr 2003
Status: Offline
Dec 12, 2014, 02:00 AM
What business person or diplomat owns a jailbroken phone?!
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Dec 12, 2014, 04:42 AM
You jailbreak, you suffer the consequences.