Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs
This week, FireEye released a report detailing how Chinese-speaking advanced persistent threat (APT) actors systematically attacked European ministries of foreign affairs (MFAs). Within 24 hours, the...
Trends in Targeted Attacks: 2013
FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a...
Where have all the credit cards gone? The cybercrime underground and its ties...
Security researchers have tracked Target’s massive data breach to an individual believed to be operating from Ukraine. The stolen credit card data is already being sold on underground Russian-language...
XtremeRAT: Nuisance or Threat?
Rather than building custom malware, many threat actors behind targeted attacks use publicly or commercially available remote access Trojans (RATs). This pre-built malware has all the functionality...
From Windows to Droids: An Insight in to Multi-vector Attack Mechanisms in RATs
FireEye recently observed a targeted attack on a U.S.-based financial institution via a spear-phishing email. The payload used in this campaign is a tool called WinSpy, which is sold by the author as a...
Crimeware or APT? Malware’s “Fifty Shades of Grey”
Some cybercriminals build massive botnets to use unsuspecting endpoints for spam, distributed denial-of-service (DDoS) attacks, or large-scale click fraud. With the aid of banking Trojans, other...
Operation Saffron Rose
There is evolution and development underway within Iranian-based hacker groups that coincides with Iran’s efforts at controlling political dissent and expanding offensive cyber capabilities. The...
BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems
There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is...
Spy of the Tiger
A recent report documents a group of attackers known as “PittyTiger” that appears to have been active since at least 2011; however, they may have been operating as far back as 2008. We have been...
Data Theft in Aisle 9: A FireEye Look at Threats to Retailers
While cybercriminals continue to target the payment card and banking information of individual users, they seem increasingly aware that compromising retailers is more lucrative. Targeting retailers is...