In operation since 2007, the campaign employs 1,000 unique modules that create individualized attacks aimed at specific desktop computers, Cisco networking equipment, and smartphones from Apple, Nokia and Microsoft. More than 60 domain names are used as proxy servers to disguise the source of the attacks.
"The information stolen by the attackers is obviously of the highest level and includes geopolitical data which can be used by nation states. Such information could be traded in the underground and sold to the highest bidder, which can be of course, anywhere," researchers from Kaspersky wrote in a company blog post.
Kaspersky's Operation "Red October" map (below) plots the locations of eight different kinds of targets, along with a separate category of unknown victims. Target categories include government, diplomatic/embassies, research institutions, trade and commerce, nuclear/energy research, oil and gas companies, military, and aerospace. Red October attacks against the United States are classified as diplomatic/embassies.
There is a possibility the attack has already extracted hundreds of terabytes of sensitive information.
