Home / Software & Gaming / Security / Russian digital security leak has been ongoing for years

Russian digital security leak has been ongoing for years

Russian researchers have discovered a piece of malware that is believed to have been consistently leaking confidential documents from embassies, government facilities, nuclear research centres and oil and gas companies for almost half a decade.

The malware exploited a bug in government systems that allowed it to recover deleted files from USB drives, with a particular focus on documents that could contain confidential data: PDFs, word documents etc. Anti viral firm, Kaspersky Labs said while speaking to the BBC: “The primary focus of this campaign targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America.”

“The main objective of the attackers was to gather sensitive documents from the compromised organisations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment.”

Russia
But do they know about the pool on the roof?

The attack has been named ‘Red October,’ after the submarine from the Tom Clancy novel, which seems like an odd choice since Red October turned out to be rather harmless. However, several individuals were specifically targeted by the digital attack, suggesting social engineering as well as traditional software hacking was used.

It’s thought that those behind the attack could be based in Russia, based on some of the language sued in the code for the malware. However, Kapersky has warned that this could be a red herring designed to throw off any sort of search for the creators.

The full, 100 page report on Red October is set to be published later this week where more information will be revealed.

KitGuru Says: Nobody has seen Sean Connery act for a few years. What if he was behind all this?

Become a Patron!

Check Also

MSI warns of imposter Afterburner site spreading malware

MSI is issuing a security warning this week, as a malicious website impersonating MSI’s official …