securityaffairs.co
The report, called ‘Red October Diplomatic Cyber Attacks Investigation’ after the novel ‘The Hunt for Red October’, reveals that the attackers intended to gather intelligence from the compromised organisations’ computer systems, network equipment and personal mobile devices.
The attackers were an ‘advanced cyber-espionage network’ that had been active since 2007 and that used the harvested information in cyber attacks.
“The samples we managed to find were using exploit code for vulnerabilities in Microsoft Word and Microsoft Excel that were created by other attackers and employed during different cyber attacks. The attackers left the imported exploit code untouched, perhaps to harden the identification process,” Kaspersky said.
Kaspersky adds that the malware had a ‘unique architecture’ that could be quickly extended with features for gathering intelligence.
More worrying is the broad range of targets that the attackers were able to infiltrate, including smartphones (iPhone, Nokia and Windows Mobile), Cisco’s enterprise network equipment and flash drives, as well as traditional targets such as workstations.
Researchers at Kaspersky Lab said they uncovered nine exploit codes in the three East African Community (EAC) member states: five in Uganda and two each in Tanzania and Kenya.
The attackers targeted embassies in all three countries; the identities of the embassies were withheld.