RSS
Aggressor of cyber attack christened 'Red October' seeks to exfiltrate data on state policy
The impact of a cyber attack christened 'Red October' is determined both by the fact that the aggressor 'aims at exfiltrating data/documents on state policy and decisions taken at the level of some institutions, and that, by stealing access and authentication passwords, the aggressor could get access to other computer systems', spokesman of the Romanian Intelligence Service (SRI) Sorin Sava informed.
SRI has announced the institutions targeted by that piece of malware, a Trojan, even when under attack, 'and conducted, in cooperation, countermeasures, to restore the normal functioning of those networks'.
'In accordance with its legal attributions for identifying activities undertaken by hostile cyber entities, that seek to obtain access to network information of national interest and to gather classified information, SRI promptly informed the targeted institutions of this cyber attack, using a Trojan, when perpetrated taking, in cooperation, countermeasures to restore the normal functioning of the concerned networks. The impact of the attack is determined both by the fact that the cyber aggressor seeks to exfiltrate data/documents on the state policy and decisions taken by some institutions, as well as that, by stealing access and authentication passwords, the aggressor could get access to other computer systems', according to an information piece remitted to AGERPRES on Wednesday by SRI.
The Romanian Intelligence Service says that, following the analysis of the respective Trojan malware infiltrated into computer systems, it follows that the aggressor in cyberspace was using complex methods of operating in infected computers in order to be protected against antivirus programs, but also to persist by triggering robust regeneration mechanisms, in case it was discovered and anti-virus programs started.
'With reference to the cyber attack christened 'Red October', recently presented by Kaspersky Co., we stress that these aspects have made and make the object of the Intelligence Service (SRI) investigations since 2011, within activities undertaken as the national authority in 'CyberIntelligence' field, in cooperation with other institutions with responsibilities in the country (STS, SIE, CERT-RO) and abroad. (...) In this sense, SRI run operations indicate that the attacker has the necessary resources for operatively valuing the exfiltrated information and for initiative taking in order to launch new cyber attacks against other institutions. Given that the activity of the cyber aggressor affects Romania's national security, SRI continues to take active measures, including by locating and identifying it', SRI also informs.
According to SRI, the attacks identified in recent years show that the cyber threat is one of the largest and fastest growing threats to Romania's national security and of its allies, 'so that the increase of the cyber security level must be a priority of the Romanian state.'
'Cyber security has become one of the important components of the national security, meaning that the Romanian Intelligence Service gives priority to this field, in close cooperation with the other institutions of the Romanian state and with external partners, as well as in partnership with the private sector', the Romanian Intelligence Service specifies.