The companies have released a whitepaper that details the cyber espionage campaign

AlienVault and Kaspersky have released a whitepaper entitled “Operation ‘Red October’: Indicators of Compromise and Mitigation Data.”
The report’s purpose is to aid organizations in identifying and mitigating the recently uncovered massive cyber espionage campaign dubbed Red October.
The whitepaper contains background information, indicators of compromise, command and control domains, the IP addresses utilized in the attack, a list of passwords and community names used to attack network devices, network traffic details, RC4 encryption keys, and data on the vulnerabilities exploited in the campaign.
The security firms also provide an OpenIOC file that system administrators can use to check for signs of the cyber espionage operation.
In the meantime, Kaspersky has revealed that the attackers have started shutting down their command and control infrastructure.
“Operation ‘Red October’: Indicators of Compromise and Mitigation Data” is available here.