The primary vectors used to install the malware were emails containing attached documents that exploited vulnerabilities in Microsoft Word and Excel.
[1][2] Later, a webpage was found that exploited a known vulnerability in the Java browser plugin.
[1][3] Red October was termed an advanced cyberespionage campaign intended to target diplomatic, governmental and scientific research organizations worldwide.
A map of the extent of the operation was released by the Kaspersky Lab – the "Moscow-based antivirus firm that uncovered the campaign.
However, the program also appeared to be built on existing exploits developed by Chinese hackers and previously used against Tibetan activists.