Russian special forces © Darren Baker, Shutterstock 2012

CeBIT 2013: Red October Had EU And German Crypto Codes – Kaspersky

Red October cyber spies could read military and government secrets, says Kaspersky

On by Peter Judge 0

The Red October cyber-espionage campaign had access to encryption keys which allowed it to read secret European and German documents. Kaspersky, the Russian security firm which first described the malware-based snooping operation in January, presented more details during a press conference at the CeBIT show in Hanover, Germany.

Red October operated for at least five years, attacking embassies and government bodies, stealing information from PCs and smartphones, by infecting devices with malware using flaws such as the recent Adobe weakness. Kaspersky said the outfit must have had Russian origins, or been created by Russian speakers, as there was evidence in the payload, of a command which translates the character encoding to the Russian Cyrillic alphabet.

St. Basil's Cathedral on Red square, Moscow, RussiaSecrets Read By Red October

The campaign may have been more dangerous than was thought at first, because the culprits appear to have had access to the keys for major cryptography systems, used by the European Union, NATO and the German government, said Costin Raiu, head of research at Kaspersky Labs.

The attackers appeared to posses the keys allowing them to decode exchanges using the German Chiasmus government encryption program, as well as the Acid Cryptofiler, used by NATO and the EU, said Raiu.

Costin Raiu Kaspersky

The campaign was very sophisticated, with bespoke malware aimed at specific targets, showing the that culprits knew exactly what they wanted. The basic malware underlying the attacks was largely re-used from known code of Chinese origin, that was made public following attempts to spy on Tibetan activists.

The malware used flaws in Adobe, Microsoft Word and Microsoft Excel to attack its victims.

Despite its sophistication, it appeared to fall apart after it was exposed. The command and control systems of Red October were dismantled hours after it was exposed, Raiu told TechWeekEurope in January.

Red October is part of a series of apparently political cyber expionage campaigns which also includes the Flame and Gauss operations,  which also hit government bodies.

Reporting by Peter Marwan of


What do you know about IT in Russia? Try our quiz, Tovarisch!

Peter Judge
Author: Peter Judge
Editor, TechWeekEurope
Peter Judge Peter Judge Peter Judge Peter Judge
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment

0 replies to CeBIT 2013: Red October Had EU And German Crypto Codes – Kaspersky

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>