Kaspersky Lab has identified a new piece of malware, called “Red October” or “Rocra”.
According to today's Washington Post, the malware is reported to have operated on a nearly global scale, Italy included, infecting computers at government agencies as well as at the European Union and NATO. In practice, an operation
[…] The newly discovered malware, called Rocra, has been in existence for at least five years and appears to have been written by Russian speakers using Chinese exploit code that silently installs malware. It was still active as of early January.
Among other things, Rocra has been used to steal encrypted files and decryption keys used by European Union organizations and NATO, said Roel Schouwenberg, a Kaspersky researcher based in Boston.
The malware also can map out the internal layout of a computer network, the configuration of routers, and hijack files from thumb drives and smartphones, he said. It records keystrokes, makes screenshots, recovers deleted files and encrypts data it steals. It makes unique identifiers for each target to more easily catalogue the data stolen.
Rocra is not as sophisticated as Flame, which spread through Windows software updates. But it appears to be far more elegant than the “rudimentary” malware coming from China, which has been used to siphon vast amounts of proprietary data from companies and governments around the world, Schouwenberg said.
Kaspersky’s researchers began analyzing the malware in October and determined it was targeting organizations mostly in Eastern Europe, but also in Central Asia, Western Europe and North America. Targets include trade and commerce organizations, nuclear and energy research groups, oil and gas companies and the aerospace industry. They also include a handful of non-U.S. diplomatic organizations inside the United States.[…]