The document summarizes a long-running cyber espionage campaign called Red October that was discovered in 2012. It targeted various governments, diplomats, and organizations through a unique and advanced cyber network architecture. The attackers used a variety of exploits and techniques to avoid detection, scrub malware, and steal over 1,000 files from a broad range of targets located globally. The document concludes by thanking the reader and inviting any questions or comments about the Red October cyber espionage campaign.

1. Red October
Tracking Active CyberSONAR in 2012
Kurt Baumgartner, Senior Security Researcher
Global Research and Analysis Team

2. Long-Running Cyber-surveillance Campaign
Perspectives of Red October intelligence gathering
Advanced Cyberespionage Network
Unique Architecture
Broad Target Variety
Exploit Scrubbing
Attacker Identifiers

3. Advanced Cyberespionage Network
Your conclusions were all wrong, Ryan

4. Unique Architecture
Y'know, I seen me a mermaid once. I even seen me a shark eat an octopus.
Over 1,000 related
files collected

5. Broad Target Variety
Various diplomats, government agencies, geopolitical financial centers, and more
Sources: 2012 KSN Data + Sinkhole activity

6. Exploit Scrubbing
Scrubbed CN-APT spear
Scrubbed CN-APT spear
• CVE-2012-0158
• CVE-2010-3333
• CVE-2009-3129
Custom decoys
Timely, relevant names
Ongoing detection, AV-evasion,
Advanced Exploit Prevention

7. Attacker Identifiers
Classifying and locating
Historical WHOIS
Compiled Artifacts

8. Thank You
Questions, comments, criticism?
Kurt Baumgartner, Senior Security Researcher
Global Research and Analysis Team
kurt.baumgartner@kaspersky.com