Earlier this week, a sophisticated, capable, and seemingly freelance cyber-spying operation called Red October burst onto the scene. Well, it's probably been around for years, but we all only just found out about it. Now, it's already disappearing. After having the light shined on it, it's darting back into the shadows.
It looks like Red October is a bit bashful. After the big reveal, Red October's infrastructure started going offline. Domain names associated with the project have begun to disappear, as well as hosting for command and control servers. It's like the whole project is packing up and going home now that the secret' is out.
While that could be the case, to a certain extent, Red October is known for being resilient and having layers upon layers of proxy defense. The "mothership" has not been located, so there's still a juicy core of stolen intel somewhere out there. The retraction of recently discovered feelers only makes sense as a move to protect it. The question is: has Red October been thwarted by being found out, or is it just pulling into hibernation until everyone forgets about it, only to come back with new tools and now proxies? My money is on the latter. [Threatpost via Ars Technica]