It appears that the attackers behind the Red October cyberespionage campaign are taking their ball and going home. Since the attack came to light on Monday, the attackers have begun shutting down their infrastructure and the hosting providers and registrars involved with some of the command-and-control domains are shutting those down, as well.
The Red October campaign has been ongoing for more than five years and the as-yet-unknown attackers behind it have been focusing their attention on a variety of targets, including embassies, research facilities, military facilities and other high-value institutions. The campaign has been wide-ranging and included targets in countries on several continents. Backing the campaign up were more than 60 C&C domains, but now researchers say that infrastructure is beginning to come apart at the seams.
In an interview yesterday, Costin Raiu of the Kaspersky Lab GReAT Team, which has done much of the research on Red October, said that since Monday, when the first report of the campaign came out, hosting providers and domain owners have been shutting down servers used to help run the campaign.