Researchers at Kaspersky Lab have uncovered an "advanced cyber espionage network" - dubbed Red October - that has been active for at least five years and is targeting diplomatic and government agencies.

At the request of an unnamed partner, Kaspersky investigated and uncovered Red October (or Rocra) in October. Since at least 2007, it has targeted organizations mostly in Eastern Europe, former USSR members, and countries in Central Asia, but the malware has also shown up in Western Europe and North America.

The team at Kaspersky noted that though they’d found a set of 60 “command and control” servers throughout Germany and Russia that were responsible for these attacks, each appeared to have been controlled by a sort of “mother ship” server which they’ve not yet located. Each of the attacks thus far appears to have been attached to Microsoft Word or Excel documents and delivered via email. When the document was downloaded and opened, a connection was made between the computer and one of the many command and control servers, which then delivered the files necessary to collect secure data.

The Rocra malware was also spread via USB drives and smartphones, not just through desktop machines. The Russian words found throughout the discovered malware systems have been suggested either to point to the software being Russian in origin or to have been placed deliberately to make the software appear to have come from Russia when in fact it was made by a different group entirely.