An enormous cyber-espionage operation in effect for five years has gone after targets across Europe, as well as in the United States and other countries.

Kaspersky Lab, a Moscow-based firm, discovered the sophisticated malware dubbed Rocra, which was created by Russian-speaking computer experts. No evidence has yet surfaced that links the perpetrators to a government, and it is theorized that Rocra may be controlled by cyber spies bent on selling its stolen secrets on the international black market.

The virus, whose origins date to May 2007, has been used to steal information from European diplomatic and government agencies, including encrypted files used by the North Atlantic Treaty Organization (NATO). The cyber sleuthing also extends to offices outside Europe, including those in Central Asia and North America, even non-U.S. diplomatic organizations inside the U.S.

Additional types of targets include oil, gas and aerospace industries; nuclear and energy research groups; and trade organizations. Kapersky has detected several hundred virus infections around the globe, but believes there are far more that have gone unnoticed.

Rocra can reportedly map computer networks and the configuration of routers, and lift files from thumb drives and cell phones. It also records keystrokes and recovers deleted files, among other things. Rocra then encrypts all the data it steals.

“The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide,” Kaspersky wrote in its report, according to Wired. “During the past five years, the attackers collected information from hundreds of high-profile victims, although it’s unknown how the information was used.”

Kapersky Lab’s analysis determined that the cyber-spying operation is still active.

-Noel Brinkerhoff

To Learn More:

Computer Malware Targets Europe Agencies (by Ellen Nakashima, Washington Post)

Cybersleuths Uncover 5-Year Spy Operation Targeting Governments, Others (by Kim Zetter, Wired)

The "Red October" Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies (Secure List, Kapersky Lab ZAO)

"Red October" Diplomatic Cyber Attacks Investigation (Secure List, Kapersky Lab ZAO)

Chinese Cyber-Spies Infiltrate Computers in 103 Countries (by Noel Brinkerhoff, AllGov)

Which Nation Launched Largest Cyber Attack Ever? (by Noel Brinkerhoff, AllGov)