CERT alerts: Information about a breach at the Democratic National Committee, the formal governing body of the US Democratic Party. There is rarely a dull day at CrowdStrike where we are not detecting or responding to a breach at a company somewhere around the globe. In all of these cases, we operate under strict confidentiality rules with our customers and cannot reveal publicly any information about these attacks.
CERT alerts: Information about spear-phishing e-mails targeting Indian government officials. On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials.
CERT alerts: Information about Irongate malware masking malicious activity on SCADA systems. In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment.
CERT alerts: Information about the IXESHE derivative IHEATE that targets users in America. Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany.
CERT alerts: Information about malicious e-mails against banks in the Middle East. In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region.
CERT alerts: Information about Operation Ke3chang. Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal.
CERT alerts: Information about Suckfly attacks targeting Indian organizations. In March 2016, Symantec published a blog on Suckfly, an advanced cyberespionage group that conducted attacks against a number of South Korean organizations to steal digital certificates.
CERT alerts: Exploring CVE-2015-2545. This report, available at TLP:GREEN to researchers and network defenders, gives an overview of different attacks using CVE-2015-2545.
CERT alerts: Information about two Windows variants of Derusbi malware. To follow up on the March report on the discovery of a 64-bit Linux variant of Derusbi used in the Turbo campaign, this post covers our analysis of two unique Windows variants of the Derusbi PGV_PVID malware.
CERT alerts: Information about Prince of Persia: Infy malware. Attack campaigns that have very limited scope often remain hidden for years. If only a few malware samples are deployed, it’s less likely that security industry researchers will identify and connect them together.
CERT alerts: Information about malware attacking the Bangladesh Bank's SWIFT payment system. In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank’s (BB) SWIFT payment system
CERT alerts: Information about the Ghost Dragon APT group. Cylance SPEAR™ has identified an APT group which deploys multiple customized malware implants, targeting mainly Chinese and Russian users.
CERT alerts: Information about a cyber-attack facilitator in the Netherlands. A small web hosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. From May 2015 until today we have counted over 100 serious cyber attacks that originated from servers of this small provider.
CERT alerts: Information about Suckfly, a China-based APT group that uses stolen code-signing certificates. While code-signing certificates can offer more security, they can also live an unintended secret life providing cover for attack groups, such as the Suckfly APT group.
CERT alerts: Information about a long-running espionage campaign against the Tibetan community. This report describes the latest iteration in a long-running espionage campaign against the Tibetan community.
CERT alerts: Information about Operation Dust Storm, an APT against numerous major industries across Japan, South Korea, the US, Europe and several Southeast Asian countries. Cylance SPEAR has uncovered a long-standing persistent threat targeting numerous major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.
CERT alerts: Information about the Poseidon Group targeted attack against different companies. During the latter part of 2015, Kaspersky researchers from GReAT (Global Research and Analysis Team) got hold of the missing pieces of an intricate puzzle that points to the dawn of the first Portuguese-speaking targeted attack group, named “Poseidon.”
CERT alerts: Information about an attack on a French diplomat. We observed a targeted attack in November directed at an individual working for the French Ministry of Foreign Affairs. The attack involved a spear-phishing email sent to a single French diplomat based in Taipei, Taiwan and contained an invitation to a Science and Technology support group event.
CERT alerts: Changelog of the Emissary Trojan. In December 2015, Unit 42 published a blog about a cyber espionage attack using the Emissary Trojan as a payload. Emissary is related to the Elise Trojan and the Operation Lotus Blossom attack campaign, which prompted us to start collecting additional samples of Emissary.
CERT alerts: Information about BlackEnergy APT employing spear-phishing with Word documents. Late last year, a wave of cyberattacks hit several critical sectors in Ukraine. Widely discussed in the media, the attacks took advantage of known BlackEnergy Trojans as well as several new modules.
CERT alerts: A paper about malware and sandbox analysis. Malware sandboxes are automated dynamic analysis systems that execute programs in a controlled environment. Within the large volumes of samples submitted daily to these services, some submissions appear to be different from others and show interesting characteristics.
CERT alerts: Information about the BlackEnergy Trojan, targeting Ukrainian news media and the electric industry. The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy