Just last week, the Department of Homeland Security warned about security flaws in Oracle’s Java software — so much so that it advised people to avoid using it altogether. Now it has been revealed that Java’s vulnerability was used by a cyberattack operation dubbed “Red October,” which has been infiltrating government networks around the world for the last few years.
The research identifying the cyberattack was done by Kaspersky Labs’ Global Research & Analysis Team and published on the website Securelist. It states that diplomatic, governmental and scientific research organizations in several countries, mostly in Eastern Europe and Central Asia, were the target of attacks beginning in 2007.

(Image via Securelist)
Kaspersky said the information being stolen is “of the highest level” and includes geopolitical data that could be used by nation states and has the potential to be “traded [...] underground and sold to the highest bidder, which can be of course, anywhere.” Kaspersky also said the information collected was from “high profile victims,” but it is not known how the information was used.
It is unknown who launched the attack, but Kaspersky does point out these two factors:
- The exploits appear to have been created by Chinese hackers.
- The Rocra malware modules have been created by Russian-speaking operatives.
In addition to exploiting vulnerabilities in Java, the report stated that known exploits in Microsoft’s Word and Excel were used by the attackers to access systems as well. The malware was also reported to be able to infiltrate smartphones to obtain information.
“Information harvested from infected networks was reused in later attacks,” the report stated in its main findings section. “For example, stolen credentials were compiled in a list and used when the attackers needed to guess secret phrase in other locations. To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries (mainly Germany and Russia). The C&C infrastructure is actually a chain of servers working as proxies and hiding the location of the ‘mothership’ control server.”

(Image via Securelist)
According to CNET, Kaspersky believes the cyberattack is still active and is similar in complexity to the Flame malware, which was identified last year.
And in case you’re wondering, the operation — Red October — is in fact named after the novel “The Hunt for Red October.”
Read more about the cyberattack in Kaspersky Labs’ report here.

clinker
Jan. 19, 2013 at 6:43am
I smell a loss of all those secret EPA employee emails, don’t you?
media-bias-steals-elections
Jan. 18, 2013 at 6:13am
It’s probably just a matter of time before these things cross pollinate and then wipe out the hacker machines and all the stuff they stole? Imagine how much money they would have made spending that time more productively, instead of trying to decipher what does not belong to them?
taintso
Jan. 18, 2013 at 12:17am
Was it selective and only destroy Obummers, Holder’s, and Hilliary’s records?
environmentalandawake
Jan. 17, 2013 at 2:16pm
OK, let’s get this straight. They spend like drunken teens, have their finger on the button, wish to disarm Us, don’t have everyone’s gold secured, and can’t even secure Our data? Does anyone in DC operate in the realm of Logic? Time to shut this Social Experiment down and now!!!
Topcat
Jan. 17, 2013 at 2:07pm
I have been in computers since the beginning, I had an IBM PC and an external hard drive in my business, that was a 20 meg drive, on a 12 inch disk. I also wrote the operational software for that business.
So here is my question, why is the government, with all its experts, only discovering now that Java is a threat, It has had that reputation since the beginning over 25 years ago. Netscape and Netscape Navigator back in the mid 90s had market share even over IE, was Java based and collapsed due to its vulnerability of being hacked. Shortly before its acquisition by AOL, for $10Billion, Netscape released the source code for its browser and created the Mozilla Organization to coordinate future development of its product. The Mozilla Organization rewrote the entire browser’s source code based on the Gecko rendering engine. The Gecko engine would later be used to power the Mozilla Foundation’s Firefox browser. Browsers such as Microsoft Mobile and Google Chrome are Java based browsers, to be fair Google says they are attempting to fix the Java problems and have renamed their programming language Dart. Most of the experts say that Java problems are never going to be fixed, no matter what changes. Why is this important now? Because these are the web browsers in your cell phone.
imperative
Jan. 18, 2013 at 12:41am
Google Chrome is Java-based?
Chrome is a product of the Google-backed open source Chromium project. http://www.chromium.org/Home Its source is written in C++. I’m not sure what you mean when you say it’s Java-based.
The “rename” of the programming language to “Dart” is not a rename at all. It’s a new scripting language not currently available in Chrome, but available in the Chromium developer builds. It’s meant to be an alternative to JavaScript, which has *nothing* to do with Java.
Eastinfection
Jan. 17, 2013 at 1:59pm
I have been having scripting issues for months. MBAM, McAfee, Defender, and Combofix are getting hung up when they scan my scripting files… Firefox & Word frequently give (not responding) messages.
Wondering if this is related to that somehow?
J@ck_KvK
Jan. 17, 2013 at 3:03pm
@EAST
As a White Hat hacker I will definitively state an answer to your speculation: maybe :-)
I would definitely be suspicious of any scripts unless you trust the source. However, there is nowhere near enough information to answer completely, but I also wouldn’t recommend being overly paranoid. If multiple applications are having a hard time reading the file, it is more likely a disk corruption to blame than malware.
Eastinfection
Jan. 17, 2013 at 7:51pm
thanks J@CK_KVK..
MONK helped me out for a while with it & i got kinda lazy about it when things went from terrible (BFE wiped out & BSOD 2x daily) to just a little annoying (occasional “not responding” messages, rare firewall failures). Spose i should get off my **** & do something about it soon.
SGT Rock
Jan. 17, 2013 at 12:30pm
Next they will shutdown the internet and activate Skynet.
barber2
Jan. 17, 2013 at 12:21pm
Any wonder what the next global catastrophe will be caused by? Other than the Obama Administration’s bungling …..
Snowleopard {gallery of cat folks}
Jan. 17, 2013 at 12:14pm
This sounds like preparations for a serious cyber-war opening move on the part of China and Russia. It would fit Obama’s agenda to the letter for an ‘event’ to seize ever more power and control into his hands and that of the Federal government.
raabhimself
Jan. 17, 2013 at 12:03pm
Give it a month…I bet we will finally see Obama’s college transcripts…
taxpro4u03
Jan. 17, 2013 at 12:54pm
They do not ‘exist.’ — Takes a while to BACKDATE (as opposed to legitimately reconstruct, if say, there was a cyber-fire that wiped the cloud or something….) burned up the hardcopies or the dog ate it excuses – particularly in ‘finding’ appropriate character actors to fill the roles — moral — it doesn’t matter if he’s ‘legit and “legal” to be CEO — the reality — is — he is…. it’s not the ‘person’ in the office, rather the INFORMATION that comes OUT of it, and the perceptions of good or bad and affect it has on the PEOPLE he claims to represent — Quite surprised he hasn’t actually pulled an FDR and taken that debt money and totally thrown it into ‘rebuilding America’ from the infrastructure UP — “gotta be a REASON…” BRB — gotta download my board and bike to Central and walk my wife’s for her – she’s disabled and can’t have her going to ReCy just yet… she still has VALUE to ME — and that is really all that matters in the end. Focus on the ‘problem,’ you can never see the solution — proactive versus reactive — ‘free-will’ — Choose. How’s your throwin arm? Can you still knock down a prairie chicken? Time to FISH or Cut Bait… Time to convert to a resource based economy from a monetary based economy til the powers that be reset the concept of ‘money.’ Partner up and teach each other – Politicians don’t fix things. Technicians do. Be a technician in whatever skill set you have. Yakkity-yak fixes nothing…
environmentalandawake
Jan. 17, 2013 at 2:12pm
For that just go to the Nobel Committee….He must have submitted something that they awarded him for
raabhimself
Jan. 17, 2013 at 2:49pm
@Tax…
Got it…
DougHuffman
Jan. 17, 2013 at 12:01pm
Utter DHS agit-prop distraction. Oracle’s Java 7u12 is itself flawed. Many are waiting Critical Patch Update Java 7u13 without a functioning JRE, reminding US of Micky$oft’s “Defective by Design.”
Java must have a rewrite.
DougHuffman
Jan. 17, 2013 at 12:25pm
I note, apropos contemporary mental-health/gun control politics; Oracle occupies the campus of the previous California State Mental Facility at Agnews, Alviso, California – once the anus of SF Bay.
Shasta
Jan. 17, 2013 at 12:31pm
Not sure at all what you are saying. Critical patch update will not have a functional JRE? Without a JRE, Java is just a developer tool. I am missing your point.
DougHuffman
Jan. 17, 2013 at 12:58pm
Perhaps I was not clear. …waiting without a functioning Java.
Dr.Doofenschmirtz
Jan. 17, 2013 at 3:22pm
Not exactly sure what all you’re talking about there Doug, but I’m entertained by it.
G-WHIZ
Jan. 18, 2013 at 12:06pm
I have had many cellPhones which use JAVA and none have had “problems” besides a battery-not-holding-a-charge. The cost is almost the same to ditch-the-phone instead of just-the-battery. The “tech-upgrades” are way-better with each new phone. My last “upgrade-phone” works as good as a line-phone in my “bad-cell-area” in Michigan. The last improvements were in cell-reception. It’s 2yrs-old now and will only dump-it when battery gits weak.