operationredoctobercyberattackgovernment-620x537_610x528

Kaspersky Labs has discovered a new malware that targets members of governments, political groups, and research institutions, called Red October, or Rocra. This malware mostly targets Eastern Europe, former USSR members, and central Asia, with a few sightings in North America.

The malware is sent via a spear-phishing email which, according to the firm, targets carefully-selected victims with an organization. Containing at least three different exploits in Microsoft Excel and Word, the infected files, once downloaded, drops a trojan on to the machine which then scans the local network to detect if any other devices are vulnerable to the same security flaw.

By dropping modules that can complete a number of “tasks,” usually as .dll libraries, an infected machine obeys commands sent by the command center and then immediately discards the evidence. Separated in to “persistent” and “one-time” tasks, the malware is able to spy and steal in a number of ways, including:

•Waiting for a Microsoft Office or PDF document and executing a malicious payload embedded in that document;
•Creating one-way covert channels of communication,
•Recording keystrokes, making screenshots,
•Retrieve e-mail messages and attachments;
•Collect general software and hardware environment information,
•Extracting browsing history from Chrome, Firefox, Internet Explorer, Opera, and saving passwords,
•Extracting Windows account hashes;
•Extract Outlook account information,
•Performing network scans, dump configuration data from Cisco devices if available.

Some .exe services remain running in the background and wait for a phone to connect. So far it appears to target Microsoft’s Windows Phone, Nokia phones, and the Apple iPhone.

Find more information at CNet.