Red October (malware) - Wikipedia

Jump to content

Contents

move to sidebar hide

• (Top)
• 1 References
• 2 External links

• Article
• Talk

English

• Read
• Edit
• View history

Tools Tools move to sidebar hide Actions

• Read
• Edit
• View history

General

• What links here
• Related changes
• Upload file
• Permanent link
• Page information
• Cite this page
• Get shortened URL
• Download QR code

Print/export

• Download as PDF
• Printable version

In other projects

• Wikidata item

Appearance move to sidebar hide From Wikipedia, the free encyclopedia Cyberespionage malware

Operation Red October or Red October was a cyberespionage malware program discovered in October 2012 and uncovered in January 2013 by Russian firm Kaspersky Lab. The malware was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices. The primary vectors used to install the malware were emails containing attached documents that exploited vulnerabilities in Microsoft Word and Excel.[1][2] Later, a webpage was found that exploited a known vulnerability in the Java browser plugin.[1][3] Red October was termed an advanced cyberespionage campaign intended to target diplomatic, governmental and scientific research organizations worldwide.

A map of the extent of the operation was released by the Kaspersky Lab – the "Moscow-based antivirus firm that uncovered the campaign."[4]

After being revealed, domain registrars and hosting companies shut down as many as 60 domains, used by the virus creators to receive information. The attackers, themselves, shut down their end of the operation, as well.[citation needed]

The perpetrator of the operation has not been conclusively determined but it appeared to have been in operation on some level since May 2007 at the latest. According to Kaspersky Lab, Russian slang words were found in the code which would be "generally unknown to non-native Russian speakers." However, the program also appeared to be built on existing exploits developed by Chinese hackers and previously used against Tibetan activists.[4]

Operation Red October Cyber Breaches[4]

Country	Government	Embassy (Diplomatic)	Military	Nuclear / Energy Research	Aerospace	Oil & Gas Industry	Trade and Commerce	Research Institutions	Unknown Victims
United States	No	Yes	No	No	No	No	No	No	No
Russia	No	Yes	Yes	Yes	No	No	No	Yes	No
Belarus	Yes	Yes	Yes	Yes	No	Yes	No	Yes	No
Kazakhstan	Yes	Yes	Yes	Yes	Yes	No	No	No	No
United Arab Emirates	Yes	Yes	No	Yes	No	Yes	No	No	No
Azerbaijan	No	Yes	No	Yes	No	Yes	No	Yes	No
Turkmenistan	Yes	No	No	Yes	No	Yes	No	No	No
Afghanistan	Yes	Yes	Yes	No	No	No	No	No	No
Moldova	Yes	Yes	Yes	No	No	No	No	No	No
France	No	Yes	Yes	No	No	No	No	No	No
Spain	Yes	Yes	No	No	No	No	No	No	No
Armenia	Yes	Yes	No	No	No	No	No	No	No
Cyprus	Yes	Yes	No	No	No	No	No	No	No
Iraq	Yes	No	No	No	No	No	No	No	No
Brunei	Yes	No	No	No	No	No	No	No	No
Luxembourg	Yes	No	No	No	No	No	No	No	No
India	No	Yes	No	No	No	No	No	No	No
Uganda	No	Yes	No	No	No	No	No	No	No
Pakistan	No	Yes	No	No	No	No	No	No	No
Oman	No	Yes	No	No	No	No	No	No	No
Saudi Arabia	No	Yes	No	No	No	No	No	No	No
Italy	No	Yes	No	No	No	No	No	No	No
Portugal	No	Yes	No	No	No	No	No	No	No
Morocco	No	Yes	No	No	No	No	No	No	No
Israel	No	Yes	No	No	No	No	No	No	No
Jordan	No	Yes	No	No	No	No	No	No	No
Greece	No	Yes	No	No	No	No	No	No	No
Ireland	No	Yes	No	No	No	No	No	No	No
Belgium	No	Yes	No	No	No	No	No	No	No
Germany	No	Yes	No	No	No	No	No	No	No
Hungary	No	Yes	No	No	No	No	No	No	No
Mauritania	No	Yes	No	No	No	No	No	No	No
Congo	No	Yes	No	No	No	No	No	No	No
South Africa	No	Yes	No	No	No	No	No	No	No
Botswana	No	Yes	No	No	No	No	No	No	No
Mozambique	No	Yes	No	No	No	No	No	No	No
Tanzania	No	Yes	No	No	No	No	No	No	No
Kenya	No	Yes	No	No	No	No	No	No	No
Lithuania	No	Yes	No	No	No	No	No	No	No
Latvia	No	Yes	No	No	No	No	No	No	No
Turkey	No	Yes	No	No	No	No	No	No	No
Iran	No	Yes	No	No	No	No	No	No	No
Uzbekistan	No	Yes	No	No	No	No	No	No	No
Kuwait	No	Yes	No	No	No	No	No	No	No
Switzerland	No	Yes	No	No	No	No	No	No	No
Lebanon	No	Yes	No	No	No	No	No	No	No
Austria	No	Yes	No	No	No	No	No	No	No
Georgia	No	Yes	No	No	No	No	No	No	No
Bosnia & Herzegovina	No	Yes	No	No	No	No	No	No	No
Serbia	No	No	No	No	No	No	No	No	Yes
Finland	No	No	No	No	No	No	No	No	Yes
Czech Republic	No	No	No	No	No	No	No	No	Yes
Slovakia	No	No	No	No	No	No	No	No	Yes
Macedonia	No	No	No	No	No	No	No	No	Yes
Albania	No	No	No	No	No	No	No	No	Yes
Mali	No	No	No	No	No	No	No	No	Yes
Australia	No	No	No	No	No	No	No	No	Yes
Chile	No	No	No	No	No	No	No	No	Yes
Brazil	No	No	No	No	No	No	No	No	Yes
Ethiopia	No	No	No	No	No	No	No	No	Yes
Bulgaria	No	No	No	No	No	No	No	No	Yes
Bahrain	No	No	No	No	No	No	No	No	Yes
Slovakia	No	No	No	No	No	No	No	No	Yes

References

[edit]

1. ^ a b McAllister, Neil (16 Jan 2013). "Surprised? Old Java exploit helped spread Red October spyware". The Register.
2. ^ "The "Red October" Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies". Kaspersky Lab. 3 Mar 2014. Archived from the original on 2013-01-15.
3. ^ Goodin, Dan (15 Jan 2013). "Red October relied on Java exploit to infect PCs". Ars Technica.
4. ^ a b c Zetter, Kim (January 14, 2013). "Cybersleuths Uncover 5-Year Spy Operation Targeting Governments, Others". Wired. Retrieved 25 January 2023.

External links

[edit]

• Info at kaspersky.com

v t e Hacking in the 2010s
← 2000s Timeline 2020s →
Major incidents	2010 Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback 2011 Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise 2012 LinkedIn hack Stratfor email leak Operation High Roller 2013 South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks 2014 Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach 2015 Office of Personnel Management data breach HackingTeam Ashley Madison data breach TalkTalk data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack 2016 Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack 2017 SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach 2018 Trustico Atlanta cyberattack British Airways data breach SingHealth data breach 2019 Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident
Hacktivism	Anonymous associated events CyberBerkut GNAA Goatse Security Lizard Squad LulzRaft LulzSec New World Hackers NullCrew OurMine PayPal 14 RedHack Teamp0ison TDO UGNazi Ukrainian Cyber Alliance
Groups	Appin Bangladesh Black Hat Hackers Bureau 121 Charming Kitten Cozy Bear Dark Basin DarkMatter Elfin Team Equation Group Fancy Bear GOSSIPGIRL (confederation) Guccifer 2.0 Hacking Team Helix Kitten Iranian Cyber Army Islamic State Hacking Division Lazarus Group BlueNorOff AndAriel Lords of Dharmaraja NSO Group Numbered Panda PLA Unit 61398 PLA Unit 61486 PLATINUM Pranknet Red Apollo Rocket Kitten Stealth Falcon Syrian Electronic Army Tailored Access Operations The Shadow Brokers xDedic Yemen Cyber Army
Individuals	Ryan Ackroyd Mustafa Al-Bassam Kim Anh Vo George Hotz Guccifer Elliott Gunton Jeremy Hammond Sam Hocevar Junaid Hussain MLT Sabu Track2 Topiary The Jester
Major vulnerabilitiespublicly disclosed	Evercookie (2010) iSeeYou (2013) Heartbleed (2014) Shellshock (2014) POODLE (2014) Rootpipe (2014) Row hammer (2014) SS7 vulnerabilities (2014) WinShock (2014) JASBUG (2015) Stagefright (2015) DROWN (2016) Badlock (2016) Dirty COW (2016) Cloudbleed (2017) Broadcom Wi-Fi (2017) EternalBlue (2017) DoublePulsar (2017) Silent Bob is Silent (2017) KRACK (2017) ROCA vulnerability (2017) BlueBorne (2017) Meltdown (2018) Spectre (2018) EFAIL (2018) Exactis (2018) Speculative Store Bypass (2018) Lazy FP state restore (2018) TLBleed (2018) SigSpoof (2018) Foreshadow (2018) Dragonblood (2019) Microarchitectural Data Sampling (2019) BlueKeep (2019) Kr00k (2019)
Malware	2010 Bad Rabbit Black Energy 2 SpyEye Stuxnet 2011 Coreflood Alureon Duqu Kelihos Metulji botnet Stars 2012 Carna Dexter FBI Flame Mahdi Red October Shamoon 2013 CryptoLocker DarkSeoul 2014 Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin 2015 Dridex Hidden Tear Rombertik TeslaCrypt Project Sauron 2016 Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya Philadelphia X-Agent 2017 BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy 2018 Annabelle VPNFilter 2019 Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=Red_October_(malware)&oldid=1313017733" Categories:

• Spyware
• Hacking in the 2010s
• Espionage in Russia
• Cybercrime in India

Hidden categories:

• Articles with short description
• Short description matches Wikidata
• All articles with unsourced statements
• Articles with unsourced statements from August 2016

Search Search Toggle the table of contents Red October (malware) 1 language Add topic