Uptime Hamster: 14d 23h 38mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Red October

Red October

0 incidentes 0 paises 0 sectores apt RU Ultimo: -
Aliases: Blue Odin, G0100, Cloud Atlas, APT REDOCTOBER, "RSA incident", "Red October", referencias a dominios como www
Ver en IntelTracker → APTTrail →
Red October is a cyber espionage campaign first publicly identified by Kaspersky Lab in January 2013, though forensic evidence indicates its operations began as early as May 2007. Assessed with high confidence to be of Russian origin, the group's primary motivation is intelligence gathering, specifically targeting diplomatic, governmental, and scientific research organizations. What distinguishes Red October is its highly modular and adaptable attack platform, internally dubbed "Rocra," designed for resilient intelligence collection and capable of recovering access to compromised systems even after command-and-control infrastructure is disrupted. The initial campaign largely ceased after its public exposure; however, a successor campaign known as Cloud Atlas emerged in 2014, exhibiting strong technical and targeting similarities, suggesting continued operations by the same or a closely related group.

Aliases del actor

Blue OdinG0100Cloud AtlasAPT REDOCTOBER"RSA incident""Red October"referencias a dominios como www

Actores similares

apt-redoctoberactor · 1apt-redbaldknightactor · 1apt-redfoxtrotactor · 1apt-redjuliettactor · 1apt-atlascrossactor · 1apt-blueprintactor · 1apt-cloudwizardactor · 1apt-driftingcloudactor · 1RedEchoapt · 1Gamaredon Groupapt · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteupwww.alienvault.comAPT REDOCTOBER indicators and references
Repositorioupgithub.comAPT REDOCTOBER indicators and references
DLS / leak siteupraw.githubusercontent.comAPT REDOCTOBER indicators and references
Tecnicas MITRE
T1071, T1498.001, T1078, T1003, T1499, T1087
CVEs relacionadas
CVE-2025-9713, CVE-2025-9501, CVE-2025-9491, CVE-2025-9133, CVE-2025-8677, CVE-2025-8489
Tipo
apt
Pais origen
RU
Motivacion
-
Impacto
100
Actualizado
Wed, 01 Ju

Paises objetivo (SOCRadar)

United Arab EmiratesAfghanistanAlbaniaArmeniaAngolaArgentinaAustriaAustraliaAzerbaijanBosnia and Herzegovina

Sectores objetivo (SOCRadar)

Construction of BuildingsOther Information ServicesAccommodationAir TransportationManufacturingConstructionPublic AdministrationOil & GasEducational ServicesWholesale Trade