Red October Cyber Espionage Campaign Relied on Java Exploit to Infect Computers

Seculert experts have also analyzed the C&C servers of the 5-year-long operation

January 15th, 2013 14:34 GMT

On Monday, Kaspersky Lab experts revealed the existence of a 5-year-long cyber espionage campaign aimed at governments and other high-profile organizations. After performing their own analysis of Operation Red October, Seculert experts have found that the attackers were, at some point, also using an old Java exploit to deliver their malware.

Kaspersky experts have said that the cybercriminals are leveraging vulnerabilities in Microsoft Word and Excel to push malware onto their victims’ computers.

However, according to Seculert, in February 2012 the attackers also relied on an older Java vulnerability, CVE-2011-3544, a flaw in the Java Rhino script engine that allowed an untrusted applet to escape the sandbox.

“In this vector, the attackers sent an email with an embedded link to a specially crafted PHP web page. This webpage exploited a vulnerability in Java, and in the background downloaded and executed the malware automatically,” experts noted.

Oracle had patched the flaw abused by this exploit in October 2011, yet the attackers were still using it in February 2012, roughly four months later. This illustrates a common pattern: attackers frequently rely on well-known, already-patched vulnerabilities, counting on the fact that many users fail to update their installations.
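The practical check that follows from this is an inventory of Java runtimes that still predate the fix. The script below is an added example, not code from the article or from Seculert or Kaspersky. It parses the banner printed by `java -version` and compares it against the builds in which Oracle shipped the October 2011 fix, JRE 6 Update 29 and JRE 7 Update 1 (a detail the article does not state); the sample banners in the test are constructed for illustration, and the local probe assumes a `java` binary on the PATH.

```python
"""Flag Java runtimes that still predate the CVE-2011-3544 fix.

Added example; not from the article, Seculert or Kaspersky.
Assumption: Oracle's October 2011 Critical Patch Update, which fixed
CVE-2011-3544, shipped as JRE 6 Update 29 and JRE 7 Update 1.
"""
import re
import subprocess
from typing import Optional, Tuple

# Java family (the "6" in 1.6.0_xx) -> first update that contains the fix.
FIXED_UPDATE = {6: 29, 7: 1}

# Legacy version strings look like 'java version "1.6.0_26"' or
# 'java version "1.7.0_01"'; the family is the second dotted field and the
# update number, if any, follows the underscore.  OpenJDK prints
# 'openjdk version "..."', so we only anchor on 'version "1.'.
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (family, update) from a `java -version` banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    family = int(m.group(1))
    # "1.7.0" with no "_NN" suffix is the GA build, i.e. update 0.
    update = int(m.group(2)) if m.group(2) else 0
    return family, update


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the runtime predates the fix, False if it is patched or newer,
    None if the banner is unparsable or from a family this table does not cover.
    """
    parsed = parse_java_version(banner)
    if parsed is None:
        return None
    family, update = parsed
    if family in FIXED_UPDATE:
        return update < FIXED_UPDATE[family]
    if family > 7:
        return False  # Java 8 and later were released after the fix
    return None  # Java 5 and earlier: not covered by this check


def probe_local_java(java_bin: str = "java") -> Optional[bool]:
    """Run `java -version` on this host and classify it.

    `java -version` writes its banner to stderr, so both streams are captured.
    Returns None if no java binary is found.
    """
    try:
        proc = subprocess.run(
            [java_bin, "-version"], capture_output=True, text=True, timeout=10
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return is_vulnerable(proc.stderr + proc.stdout)


if __name__ == "__main__":
    verdict = probe_local_java()
    label = {True: "VULNERABLE (pre-fix build)", False: "patched or newer",
             None: "unknown / no java found"}[verdict]
    print(f"local java: {label}")
```

On a fleet, the same classifier can be fed banners collected by your endpoint agent or a remote-execution tool; the only host-specific part is `probe_local_java`.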
