U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Hunt for Red October: The New Face of Cyber Espionage

NCJ Number
.SIAK-Journal International Edition Volume: 4 Dated: 2014 Pages: 87-95
Maschenka Braganca
Date Published
9 pages
This article reviews the details of Operation Red October - the newly discovered cyber espionage campaign that has targeted a range of diplomatic facilities, defense companies, and energy firms around the world.
The author examines the nature, impact, and methods of Red October. During the past 5 years, Operation Red October has successfully infiltrated computer networks at just over 350 diplomatic, governmental, and scientific research organizations, obtaining data and intelligence from mobile devices, computer systems, and network equipment. There was a significant prevalence of attacks in Eastern Europe and former Soviet republics. Its malware network is one of the most advanced online espionage operations discovered to date. The researchers from Kaspersky Lab have given the malware the name "Red October," shortened to "Rocra." Besides exfiltration of documents, Rocra has also been used to steal encrypted files and decryption keys used by the European Union and NATO. The targets clearly show the interest in geopolitically significant information and government secrets. The description of the architecture and vectors of Rocra addresses methods used to infect victims and to insert the payload that unfolds once the system is infected through a multi-layered platform. Regarding the attribution and motivation for Rocra, cyberspace is a gray zone with little to no clarity. Russian-speakers are involved at least at the lowest level of the attack. Also, Russian slang words keep appearing in the code. The perpetrator that night have ordered and planned the campaign, however, could be someone else. The nature of the intrusions suggests that any principal would need the appropriate financial means, which means that a national government and intelligence service might have funded it. The article concludes with a brief discussion of what is being done and what needs to be done to counter such sophisticated technology. 13 references