REDOCTOBER

Type: Believed Nation State

Status: Inactive

Other Names: Rocra

Active Since/Discovered: 2007 / January 2013

Targets: Eastern Europe, former USSR and countries in Central Asia, as well as some countries in Western Europe and North America.

Target Sectors:

  • Government entities
  • Diplomatic organizations/embassies
  • Academia/Research
  • Trade and commerce
  • Energy, oil and gas companies
  • Aerospace
  • Military

Malware:

  • Rocra Platform / Red October Platform
    • A modular framework: a core backdoor plus a large set of extensions and helper files, selected to fit the configuration of each infected machine and to harvest intelligence from it
    • Capable of stealing data from mobile devices connected to infected hosts
    • Executes tasks issued by the C2 servers; most tasks arrive as one-time PE DLL modules that are received from the server, executed in memory, and then discarded, leaving little for disk-based forensics
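
The tasking pattern above (modules that exist only in memory) is what a responder hunts for: an executable region that carries a PE header but has no file mapped behind it. The following is an added example, not code from the Kaspersky report or from the malware; the region listing and the PE bytes are constructed inline to stand in for a process memory map from a forensics tool.

```python
"""Flag executable memory regions that hold a PE image with no backing file.

Added example for the Rocra tasking pattern (C2 modules delivered as one-time
DLLs, executed in memory, then discarded). Not code from the Kaspersky report
or from the malware; the region listing and PE bytes are constructed.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\x00\x00"
IMAGE_FILE_DLL = 0x2000             # Characteristics bit in IMAGE_FILE_HEADER
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002


@dataclass
class Region:
    """One entry of a process memory map, as a memory-forensics tool would list it."""
    base: int
    protect: str                 # e.g. "PAGE_EXECUTE_READWRITE"
    mapped_path: Optional[str]   # None for private (non file-backed) memory
    data: bytes                  # leading bytes of the region


def parse_pe_header(data: bytes) -> Optional[dict]:
    """Return Machine, NumberOfSections and the DLL flag if data starts with MZ..PE headers."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte NT signature plus the 20-byte IMAGE_FILE_HEADER.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return None
    machine, nsections, _ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "sections": nsections, "is_dll": bool(chars & IMAGE_FILE_DLL)}


def find_unbacked_pe_modules(regions: List[Region]) -> List[dict]:
    """Executable regions containing a PE header but with no file mapped behind them.

    A legitimately loaded DLL is an image mapping with a path; a module received
    from C2 and run straight from memory has the same headers but no path.
    """
    hits = []
    for r in regions:
        if "EXECUTE" not in r.protect or r.mapped_path is not None:
            continue
        hdr = parse_pe_header(r.data)
        if hdr is not None:
            hits.append({"base": r.base, "protect": r.protect, **hdr})
    return hits


def build_fake_pe(is_dll: bool, e_lfanew: int = 0x80) -> bytes:
    """Constructed minimal DOS header + NT signature + file header (no real code)."""
    dos = bytearray(e_lfanew)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, chars)  # 0x14C = i386
    return bytes(dos) + IMAGE_NT_SIGNATURE + file_hdr + b"\x00" * 64


# Constructed memory map: one normal DLL, one in-memory-only DLL, two distractors.
SAMPLE_REGIONS = [
    Region(0x77000000, "PAGE_EXECUTE_READ", r"C:\Windows\System32\kernel32.dll",
           build_fake_pe(is_dll=True)),
    Region(0x001A0000, "PAGE_EXECUTE_READWRITE", None, build_fake_pe(is_dll=True)),
    Region(0x00300000, "PAGE_READWRITE", None, build_fake_pe(is_dll=True)),  # staged, not executable yet
    Region(0x00400000, "PAGE_EXECUTE_READWRITE", None, b"\x90" * 256),       # shellcode, no PE header
]


if __name__ == "__main__":
    for hit in find_unbacked_pe_modules(SAMPLE_REGIONS):
        print(f"unbacked PE at {hit['base']:#010x} ({hit['protect']}), "
              f"{hit['sections']} sections, dll={hit['is_dll']}")
```

Treat a hit as a triage lead rather than a verdict: JIT runtimes, self-unpacking packers and some legitimate injection frameworks produce the same shape. The next step is to dump the flagged region and inspect its imports and strings, which is also where the Russian-language artifacts noted under IoCs would surface.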

Preferred Attack Vector: Spear-phishing e-mails carrying exploit-laden document attachments (social engineering combined with exploits)

IoCs:

Unique:

  • Attribution indicator rather than a technical IoC: the exploits used by the Rocra droppers appear to have been created by Chinese hackers and had been seen earlier in other campaigns, while the Rocra modules themselves carry Russian-language artifacts pointing to Russian-speaking authors.
