Researchers in Russia have uncovered an on-going spy operation so extensive that it has victimized 69 different countries in the last five years.
Moscow-based Kaspersky Labs has dubbed the operation "Red October," and first discovered the espionage campaign back in October 2012. Though the lab didn't say what kind of information the hackers stole, it did note that the victims were "high profile," ranging from government agencies and embassies to researchers in the fields of nuclear energy and aerospace.
Most of the infections have been detected in Russia, although many countries were attacked multiple times, including the United States, India, Iran, Belgium, and the United Arab Emirates.
"The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information gathering scope is quite wide," said Kaspersky in a report on Monday. "During the past five years, the attackers collected information from hundreds of high profile victims although it's unknown how the information was used."
There's no evidence suggesting that the attacks are associated with any nation, though that doesn't necessarily signal anything significant. It's possible the information stolen by the hackers could be sold on the black market to the highest bidder, meaning any nation, rogue organization, or individual interested.
Still, some clues hint at the idea that the attackers speak Russian. Kaspersky found Russian words in the code that suggest the spies are native speakers, and the servers used to connect to and steal information from infected devices were registered to Russian email addresses. In addition, some of the command-and-control servers are based in Russia, although there are some in Germany as well.
Kaspersky's Costin Raiu warns that all these signs may simply be red herrings intended to lead investigators in the wrong direction.
Even if the hackers are Russian-speaking, they have gotten by using a mix of internally-developed technology and the same Chinese-developed programming exploits used against Tibetan activists and other victims in Asia.
"We can assume that these exploits have been originally developed by Chinese hackers, or at least on Chinese code page computers," said Raiu. "They're using outer shells that have been used against Tibetan activists, but the malware itself does not appear to be of Chinese origin."
Kaspersky Labs continues to investigate Red October with a number of different international and government organizations.