"It's a very interesting case study," says Sean Sullivan, security adviser at F-Secure, the anti-malware firm headquartered in Finland. The entire operation could well involve Russia's "competing oligarchs," a term often used to describe the business magnates and billionaires who rose to power in industries such as oil and gas after the official end of the Soviet Union. Their battles among themselves and the Russian government have spilled with vehemence into the public eye from time to time. Still, in the drama of Kaspersky's "Red October," the espionage might still have something to do with China, Sullivan says.
Kaspersky Lab, which so far has stated only that the cyber-espionage appears to be organized by Russian speakers, isn't saying more yet. The firm is, however, pushing out volumes of technical detail about the malware, dubbed Rocra for short, claiming it all means that Red October rivals the Flame botnet cyber-espionage discovery Kaspersky made last year. So far, the security firm is describing the targeted individuals as "high-profile" people associated with government agencies and embassies, nuclear and energy research organizations, and companies in the oil, gas and aerospace industries. Most targets have been in Russia, Kazakhstan or Azerbaijan, according to what Kaspersky has said so far.
Sullivan says that, so far, the technical descriptions of Red October supplied by Kaspersky Lab do not make it that unusual compared with any other botnet-controlled effort to compromise victim computers or mobile devices.
But as Kaspersky unwinds its tale of Red October -- there was a blog item today about more technical aspects, with a full report expected out within the next few days -- there is one aspect of it that should be no surprise. As with many other anti-malware firms that have garnered headlines due to botnets they uncovered -- McAfee, for instance, has done much the same in the past -- there's the benefit of boosting the brand name in the public eye as headlines appear. Kaspersky says its discovery came from someone who asked the security firm last October to look into a spear-phishing campaign.