Five years of cyber spying by unknown attackers on government organizations worldwide.
Kaspersky Lab has announced the discovery of a large-scale cybercriminal group that has spent the last five years spying on diplomatic, government and research organisations around the world. According to the company's statement, the hackers' main targets are computer systems and corporate networks located in Russia and the countries of the former USSR and Eastern Europe. The list of victim countries also includes the USA, Greece, Italy, Switzerland, the UAE and Uganda.
Kaspersky Lab experts began investigating the attacks on the computer networks of international diplomatic missions in October last year at the request of a partner who "prefers to remain anonymous". As it turned out, the criminals' targets were not only diplomatic and government agencies around the world, but also energy companies, including nuclear, as well as space agencies and scientific research institutes.
In the operation, code-named "Red October", which began in 2007 and continues to this day, the cybercriminals use a unique modular architecture consisting of malicious extensions. In the Kaspersky Lab anti-virus database it is named Backdoor.Win32.Sputnik.
"To infect systems, the criminals sent phishing emails addressed to specific recipients in the organization. The letter included a special Trojan program, and to install it the letter contained code exploiting vulnerabilities in Microsoft Office. These exploits were created by hackers and used in various cyber attacks aimed at Tibetan activists and the military and energy sectors of several countries in the Asian region", says the Kaspersky Lab report.
As a result, the hackers stole information contained in files of various formats from the infected systems. Among others, Kaspersky Lab experts found files with the extension acid*, which indicates that they belong to the secret software Acid Cryptofiler, used by a number of organizations within the EU and NATO.
To control the network of infected systems, the criminals used more than 60 domain names and servers located in different countries, mostly in Germany and Russia. At the same time, a number of indicators suggest that the attackers are of Russian origin. For example, several files contain Russian words written in Latin characters, such as "zakladka" or the slang "proga". However, it is impossible to establish clearly from which country the attacks were organized.
"The information stolen by the attackers is obviously extremely confidential and includes, in particular, various geopolitical data that can be used at the state level. Such information may be auctioned on the "black market" and sold to anyone who offers the highest price", the experts say.
Kirill ROZHKOV