Cyber Espionage Campaign Targets Russia, Eastern Europe

A new cyber espionage campaign is primarily targeting Russian companies in major sectors, such as oil, finance, military or engineering, as well as Russian embassies


MOSCOW, December 12, (Sputnik) - A new cyber espionage campaign called Cloud Atlas, targeting companies and embassies primarily in Russia, reflects a keen interest in the region, and is not a reflection of the weak security of the victims, Kaspersky Lab told Sputnik Friday.

Russian embassies being targeted? Pure coincidence

On Wednesday, Kaspersky Lab's Global Research & Analysis Team reported a new cyber espionage campaign primarily targeting Russian companies in major sectors, such as oil, finance, military or engineering, as well as Russian embassies.

Kaspersky Lab named the campaign Cloud Atlas and claimed it is most likely a successor to the so-called Red October espionage campaign. According to reports, the campaign also targets companies in Belarus, Kazakhstan and India.

Principal security researcher at Kaspersky Lab Igor Sumenkov told Sputnik:

"Both Red October and Cloud Atlas, according to our data, are focused on the abduction of information from the organizations located in Eastern Europe. Mainly, these are diplomatic agencies and other government organizations."
"Probably, only the authors of this malware campaign know why exactly these organizations and exactly on these territories are targeted,"
"the geographical distribution of the victims reflects only particular interests of certain groups of intruders, and not security problems in the region."

Red October cyber espionage malware was discovered by Kaspersky Lab in January 2013. For five years Red October had been transmitting information from various diplomatic, governmental and scientific research organizations around the world, but primarily in Russia. Sumenkov explained:

"Geographic location and occupation of victims of Cloud Atlas and Red October are similar.
Moreover, among the targets of Cloud Atlas there is at least one organization that has been previously attacked by Red October."

The Kaspersky principal security researcher also noted that Cloud Atlas had improved significantly in comparison to its predecessor, and its danger should not be underestimated.

"Judging by the set of malware tools… used by Cloud Atlas, it can be said that this campaign has been developed at least by the group of experienced professionals in creating malicious software."
"Without a doubt, it gives grounds to consider Cloud Atlas espionage network dangerous. Cloud Atlas authors have done a great job preparing to return after Red October was dismantled."

Cloud Atlas usually uses Rich Text Format files attached to emails to infect users' computers. Moreover, the attackers have started using MMS and SMS to infect Android, BlackBerry, and iOS devices.