'Red October' has been spying on WORLD LEADERS for 5 years - researchers

Security watchers have discovered a malware-based cyber-espionage campaign targeting diplomats, governments and scientific research institutions worldwide. Operation Red October has targeted Eastern Europe, former Soviet republics, and countries in Central Asia for the past five years, according to Kaspersky Lab. The attack …


This topic is closed for new posts.
  1. Will Godfrey Silver badge

    Ah yes. The benefit of a monoculture.

    Guessing games as to source. Have they not heard of the double bluff?

    1. LarsG


      Spying on Governments and politicians? It would be like trying to understand and make sense of the residents in a Californian Asylum for the criminally insane.

      1. This post has been deleted by its author

      2. Anonymous Coward

        Re: Spying?

        @ Lars:

        California is an Asylum for the criminally insane

    2. Anonymous Coward

      >Guessing games as to source. Have they not heard of the double bluff?

      This one is SO OBVIOUSLY the Yanks that I'm left wondering whether it was us or the froggies.

      Merde! Sale rôti de bœuf cochon.

    3. Irongut

      Re: The benefit of a monoculture.

      Because "The researchers said the malware also has the capability to steal data from smartphones including Android handsets, iPhones and Windows Phone mobes - including Nokia, Sony Ericsson and HTC models." clearly indicates it only infects one platform.

  2. IT Hack

    Love it...I mean...who the fuck needs security policies let alone enforcement right?

    I reckon it was the Norks...

    Or the Frogs etc...possibly bonobos. Actually my money's on the apes.


    Pint coz well it's all a bit much otherwise right?

    1. Anonymous Coward

      I think we need more information...

      Please tell us more about the hunt for Red October


      (Disappointed you let that one slip through your fingers John!)

  3. Anonymous Coward

    Putin, Putin, Puddin' and Pie.

    "Based on the registration data of C2 servers and the numerous artifacts left in executables of the malware, there is strong technical evidence to indicate the attackers have Russian-speaking origins,"

    Comrade, say it isn't so.

    1. Destroy All Monsters Silver badge

      Re: Putin, Putin, Puddin' and Pie.

      More likely Chinese working with Iranians who are secretly controlled by Mossad who are financed by the US who are controlled by space lizards.

      1. Ole Juul

        Re: Putin, Putin, Puddin' and Pie.

        I think your logic accelerator needs skid control - there are no space lizards.

        1. Sir Runcible Spoon

          Re: Putin, Putin, Puddin' and Pie.

          " there are no space lizards."

          Nope, they were all born here on Earth

  4. VeganVegan

    Russian humor, or someone making fun of them?

    Did you see the names of the registrants of some of the C&C domains?

    Sergej Dumkovski

    Denis Dumkov

    Denis Ustuygov (used-to-gov?)

    Igor Shaven

    1. eulampios

      A sense of humour

      Dumkov and Dumkovski seem to be a variation on the same name thus might be a made-up one. Ustyugov would (Устюгов, there is a town Великий Устюг) -- again sounds artificial. Igor Shaven is the most unusual but plausible.

      However, all these people if real, might be unaware of this "Red October".

  5. Marshalltown


    "Dumkov" is "Dummkopf" which is German and Ustugov looks like an English joke. Hate to say it but American or British are good bets. But spying on NATO .... hmm. That needs at least one beer.

    1. WatAWorld

      Re: Russian?

      It doesn't say they were spying on NATO, it says NATO was one of the customers of the Acid Cryptofiler product, a product that the malware could penetrate.

      I have zero doubt that the USA spies on the EU and EU nations. I have zero doubt that major EU nations spy on the USA and on each other.

      The artifacts of Russian in the code, those could have been inserted intentionally.

      And the infecting country could well have infected some of its own machines, knowing that there would be no harm in doing so.

      You would probably have to look at what commands were sent, what data was sent back, from multiple infected machines from multiple countries, to try to figure out which country was behind this.

      So this is where all those snoopy privacy destroying logs that ISPs are supposed to keep on us all are supposed to come in.

      So, do they have logs from the past few years that they can go back and look at? Or do our rulers exempt themselves from surveillance?

  6. Best Before:

    FSB 1, NATO 0

    First half result in the new electronic Cold War....

    1. P_0

      Re: FSB 1, NATO 0

      Surely whoever made this malware (assuming it is the Russians) is now 1 down and not 1 up on the enemy (NATO) since they've just been discovered.

      NATO's (or whoever) malware is still out there, undetected.

      1. Best Before:

        Re: FSB 1, NATO 0

        Nah 5 years running without detection they are definitely 1 up, I am sure they expected it to be discovered well before now.

        NATO couldn't find its bottom without a ton of bureaucratic red tape, seriously doubt they could pull off something this clever, unless of course the yanks or Israelis gave them access to the guys who came up with Stuxnet and the other clones.

        1. poohbear

          Re: FSB 1, NATO 0

          If I read between the lines of the article correctly, then the malware was looking for Cryptofiler files and sending them back home, where they can be thrown to the supercomputers for decrypting. Nice.

  7. fajensen

    WTF - "Acid Cryptofiler"

    Is it just me or does one get the feeling that an application named like something written by "l33t Haxorz" should probably be shunned for anything more than keeping wife from finding the pr0n collection?

    What is wrong with PGP or SSH? Too boring?

    1. Anonymous Coward

      Re: WTF - "Acid Cryptofiler"

      Perhaps the first part of the name is a little nod at the inspiration behind the second? B-)

  8. TkH11


    According to Wikipedia, Cryptofiler isn't used for classified information.

    1. Johan Bastiaansen

      Re: Cryptofiler

      No harm done then.
