Entries filed under 'James T. Bennett'

Threat Research Blog

FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.


    XtremeRAT: Nuisance or Threat?

    By Nart Villeneuve, James T. Bennett
    Rather than building custom malware, many threat actors behind targeted attacks use publicly or commercially available remote access Trojans (RATs). This pre-built malware has all the functionality needed to conduct cyber espionage and is controlled directly by humans, who have the ability to adapt to network defenses. As a result, the threat posed by these RATs should not be underestimated. However, it is difficult to distinguish and correlate the activity of targeted Read more...


    Supply Chain Analysis: From Quartermaster to Sunshop

    By Ned Moran, James T. Bennett
    Today, we released a new report from FireEye Labs entitled Supply Chain Analysis: From Quartermaster to Sunshop. The report details how many seemingly unrelated cyber attacks may, in fact, be part of a broader offensive fueled by a shared development and logistics infrastructure — a finding that suggests some targets are facing a more organized menace than they realize. Our research points to centralized planning and development by one or more advanced Read more...


    The Mutter Backdoor: Operation Beebus with New Targets

    By James T. Bennett
    FireEye Labs has observed a series of related attacks against a dozen organizations in the aerospace, defense, and telecommunications industries as well as government agencies located in the United States and India which have been occurring at least as early as December of 2011. In at least one case, a decoy document included in the attack contained content that focused on Pakistan military advancements in unmanned vehicle, or “drone” technology. Technically, these Read more...


    It's a Kind of Magic

    By James T. Bennett
    In our last post we shared our initial analysis of the malware that is installed as a result of the PDF found in the wild that exploits the then-zero-day vulnerabilities, CVE-2013-0640 and CVE-2013-0641. Today we are sharing more details about this new malware, which we have dubbed "666." The following is not a complete analysis, but outlines some of the main functionality and its interesting features. At its heart, this malware is Read more...


    The Number of the Beast

    By James T. Bennett
    Yesterday, we sent out a warning regarding the PDF zero-day we found being exploited in the wild. Adobe has released a security advisory with mitigations. Here are more details about the attack. The JavaScript embedded in the crafted PDF is highly obfuscated using string manipulation techniques. Most of the variables in the JavaScript are in Italian. The JavaScript has version checks for various versions of Adobe Reader as shown below and it Read more...