Introduction - In October 2012 Kaspersky Labs received a suspicious executable file from a partner, which led them to conduct an investigation that uncovered thousands of different e-mails with similar ‘Rocra’ attachments sent around the world. This APT initially infected around 1000 machines globally, using spear phishing e-mails that targeted carefully selected individuals because of the information they had access to. After gaining access to these machines, the hackers used them to spy on the users and gather geopolitical intelligence, credentials to access classified computer systems, and data from personal mobile devices and network equipment. The attack appears to have been active since …
Training courses, refreshers and material given to staff on company intranets and posters in the office can help keep staff aware of the consequences that attacks like this can have. 'There is sensitive geopolitical information being stolen, which is very valuable,' said Mr. Kamluk. Kaspersky estimate there were 20-30 developers working full time on this, and all were 'very experienced programmers'. 'Over the course of the last five years, we believe several terabytes of data was stolen - it's massive.' 'Since we published the report, we have seen some of the servers are no longer responding.' The firm is now working with law enforcement agencies to shut down the remaining servers. Kaspersky has successfully detected, blocked and remediated the Rocra malware, but APTs like this can often be reused: by changing small elements of the malware, attackers can bypass current detection methods. This particular attack was collecting data for 5 years before it was discovered, so if someone were to modify it, it could carry on like that again without detection.