Red October Malware Infrastructure Disappears
The command and control infrastructure began shutting down soon after Kaspersky researchers disclosed the campaign's existence.
Soon after Kaspersky Lab researchers disclosed the existence of the Red October cyber-espionage campaign, the operators apparently began dismantling its infrastructure.
"[Kaspersky's] research uncovered more than 60 Internet domain names used to run the sprawling command and control network that funneled malware and received stolen data to and from infected machines," writes Ars Technica's Dan Goodin. "In the hours following the report, many of those domains and servers began shutting down, according to an article posted Friday by Kaspersky news service Threatpost."
"It's clear that the infrastructure is being shut down," Kaspersky's Costin Raiu told Threatpost. "This time it's being shut down for good. Not only are the registrars killing the domains and the hosting providers killing the command-and-control servers, but perhaps the attackers are shutting down the whole operation."
"While that could be the case, to a certain extent, Red October is known for being resilient and having layers upon layers of proxy defense," writes Gizmodo's Eric Limer. "The 'mothership' has not been located, so there's still a juicy core of stolen intel somewhere out there. ... The question is: has Red October been thwarted by being found out, or is it just pulling into hibernation until everyone forgets about it, only to come back with new tools and new proxies? My money is on the latter."