Red October is malware that reportedly infects a variety of entities, including networks belonging to governments, scientific research organizations and diplomatic missions.
Its targeting appears broad: most affected organizations are in Eastern Europe, but others are in former USSR member states and Central Asia.
Through the operation, the attackers can steal documents with a number of extensions, including .txt, .docx, .doc, .key, .csv and numerous others.
“The campaign, identified as ‘Rocra’, short for ‘Red October’, is currently still active with data being sent to multiple command-and-control servers, through a configuration which rivals in complexity the infrastructure of the Flame malware. Registration data used for the purchase of C&C domain names and PE timestamps from collected executables suggest that these attacks date as far back as May 2007,” stated Kaspersky in a blog post.
The security firm noted that it had been tracking the malware for a number of months and that the operators relied on a multi-functional framework. Unlike Flame and Stuxnet, however, the malware may not be a nation-state attack: Kaspersky noted that it has no evidence to support that conclusion.