On Wednesday, Kaspersky Lab's Global Research & Analysis Team reported a new cyber espionage campaign primarily targeting Russian companies in major sectors, such as oil, finance, military or engineering, as well as Russian embassies. Kaspersky Lab named the campaign Cloud Atlas and claimed it is most likely a successor to the so-called Red October espionage campaign. According to reports, the campaign also targets companies in Belarus, Kazakhstan and India.
The Red October cyber espionage malware was discovered by Kaspersky Lab in January 2013. For five years, Red October had been transmitting information from various diplomatic, governmental and scientific research organizations around the world, but primarily in Russia.
"Geographic location and occupation of victims of Cloud Atlas and Red October are similar. Moreover, among the targets of Cloud Atlas there is at least one organization that has been previously attacked by Red October," Sumenkov explained.
"Judging by the set of malware tools… used by Cloud Atlas, it can be said that this campaign has been developed at least by the group of experienced professionals in creating malicious software. Without a doubt, it gives grounds to consider Cloud Atlas espionage network dangerous. Cloud Atlas authors have done a great job preparing to return after Red October was dismantled."
Cloud Atlas usually uses Rich Text Format files attached to emails to infect users' computers. Moreover, the attackers have started using MMS and SMS to infect Android, BlackBerry, and iOS devices.