India is among the nations hit by a cyber espionage campaign that has been targeting diplomatic, governmental and scientific research organisations for at least five years, according to a Russian cyber security firm.
Termed 'Red October', the campaign (named after the famous novel 'The Hunt For The Red October' by Tom Clancy) has significantly hit Russia, Kazakhstan, India, Azerbaijan and Belgium, among others, Kaspersky Lab said in a report Monday.
The cyber espionage campaign 'Rocra' (short for Red October) has infected hundreds of victims worldwide across eight categories: 'Government, Diplomatic/embassies, Research institutions, Trade and commerce, Nuclear/energy research, Oil and gas companies, Aerospace and Military'.
"The earliest evidence indicates that the cyber-espionage campaign was active since 2007 and is still active at the time of writing (January 2013)," the firm said.
Based on data from the Kaspersky Security Network (KSN), the list of countries with the most infections is topped by Russia at 35. It is followed by Kazakhstan (21), while India, Azerbaijan and Belgium saw 15 infections each.
Other nations impacted include Afghanistan (10), Armenia (10), Iran and Turkmenistan (7 each), Ukraine, Vietnam and the US (6 each), Pakistan (5) and Brazil (4).
Only countries that have seen more than five infections have been included in the list.
"It is quite possible there are other targeted sectors which haven't been discovered yet or have been attacked in the past," Kaspersky cautioned in the report.
It noted that at present there is no evidence of the campaign having links "with a nation-state sponsored attack".
According to the report, the targets were mainly countries in Eastern Europe, former USSR Republics, and Central Asia.
"The main objective of the attackers was to gather sensitive documents from the compromised organisations, which included geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment," Kaspersky said.
Regarding the perpetrators, the report said that currently there is no evidence of links "with a nation-state sponsored attack".
It noted that the information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states.
"Such information could be traded in the underground and sold to the highest bidder, which can be of course, anywhere," it added.
While the "exploits appear to have been created by Chinese hackers", the Rocra malware modules have been created by Russian-speaking operatives, the report said.