Cybercriminals Behind Red October Start Shutting Down C&C Infrastructure

Hosts and registrars have started terminating the operation

January 19th, 2013 09:56 GMT

After Kaspersky released the details of the Red October cyber espionage campaign, the cybercriminals that run it have started backing down. They’ve begun shutting down command and control (C&C) servers.

Furthermore, according to Kaspersky’s ThreatPost, the hosting providers and the owners of the domains used in the attacks have also started taking everything apart.

“It's clear that the infrastructure is being shut down. This time it's being shut down for good. Not only are the registrars killing the domains and the hosting providers killing the command-and-control servers, but perhaps the attackers are shutting down the whole operation,” explained Costin Raiu of the Kaspersky Lab GReAT Team.

Over 60 command and control domains have already been uncovered, but experts believe that these are just “first-level proxies.”

The Red October campaign is one of the most sophisticated cyber espionage campaigns ever seen. The part of the report that focuses on the attack modules alone covers 140 pages.

Although Kaspersky has called it the most comprehensive investigation into a cybercriminal operation to date, it is likely that some details remain uncovered.
