In Case You Missed it: The FireEye Top Five Stories of the Week

1. France TV5Monde: Russian hackers we know as APT28 may have posed as ISIS Cypher Caliphate to shut down France TV5Monde for 18 hours on April 8. They posted pro-ISIS propaganda via social media during the attack. FireEye manager of threat intelligence Jen Weeden was interviewed by BuzzFeed News regarding the attack. FireEye has covered APT28 extensively, including a full report and blog post in October 2014.

2. Duqu 2.0 malware: FireEye was not affected by the successful use of the Duqu 2.0 malware tool on a security firm. The nation-state cyber espionage group’s target reveals a dramatic new shift in the cyber landscape – one in which cyberspies infiltrate security companies to get intelligence on the latest technology meant to deter them.

3.  OPM latest:  FireEye Chief Security Strategist Richard Bejtlich’s blog about the Office of Personnel Management breach, in which 4 million federal employee’s personal records were leaked, was featured in Dark Reading. He points out that part of the issue is a misunderstanding of how the Continuous Diagnostic and Mitigation (CDM) program works, likening it to locking the doors and windows when the intruder is already inside a house. CNN interviewed Bryce Boland on why China might be trying to gather this type of intelligence. 

4. NY Times on smaller targets: The NY Times reports that smaller retailers and businesses feel a false sense of security when it comes to thinking they’d be targeted by hackers. The article includes opinions from FireEye Threat Intelligence Analyst Nart Villanueve, who points out that cyber criminals often focus on smaller companies. A common approach is to send malicious emails in hopes that embedded malware can infect the network and compromise point-of-sale logon credentials.