Kaspersky Lab explains the “Red October” threat

On January 14, 2013, Kaspersky Lab announced the discovery of “Red October”, a high-level cyber-espionage campaign that has been active for over five years. This campaign has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations, gathering data and intelligence from mobile devices, computer systems and network equipment.

Red October

Kaspersky Lab’s researchers have spent several months analyzing this malware, which targets specific organizations mostly in Eastern Europe, former USSR members and countries in Central Asia, but also in Western Europe and North America.

The campaign, identified as “Rocra”, short for “Red October”, is currently still active, with data being sent to multiple command-and-control servers through a configuration that rivals in complexity the infrastructure of the Flame malware. Registration data used for the purchase of C&C domain names and PE timestamps from collected executables suggest that these attacks date as far back as May 2007.

This white paper is aimed at CERTs and system administrators, to allow the detection and mitigation of the threat. It contains information on known IPs associated with the attackers and on command-and-control domains observed in the attacks, as well as information that security professionals can use to quickly search for and identify security breaches.

Read more:

Red October – Indicators of compromise