Entries filed under 'Nart Villeneuve'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.

    Evasive Tactics: Taidoor

    By Nart Villeneuve, Ned Moran, Thoufique Haq
    The Taidoor malware has been used in many ongoing cyber espionage campaigns. Its victims include government agencies, corporate entities, and think tanks, especially those with interests in Taiwan. [1] In a typical attack, targets receive a spear-phishing email which encourages them to open an attached file. If opened on a vulnerable system, malware is silently installed on the target’s computer while a decoy document with legitimate content is opened that is intended Read more...

    Njw0rm - Brother From the Same Mother

    By Uttang Dawda, Nart Villeneuve
FireEye Labs has discovered an intriguing new sibling of the njRAT remote access tool (RAT) that one-ups its older "brother" with a couple of diabolically clever features. Created by the same author as njRAT — a freelance coder who goes by the moniker njq8 — the new njw0rm malware has the ability to spread using removable computer storage and can steal login credentials to a popular dynamic DNS service. The older njRAT was first documented about Read more...

    Operation Molerats: Middle East Cyber Attacks Using Poison Ivy

    By Nart Villeneuve, Ned Moran, Thoufique Haq
    Don't be too hasty to link every Poison Ivy-based cyber attack to China. The popular remote access tool (RAT), which we recently detailed on this blog, is being used in a broad campaign of attacks launched from the Middle East, too. First, some background: In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire police force and banned the use Read more...

    Survival of the Fittest: New York Times Attackers Evolve Quickly

    By Ned Moran, Nart Villeneuve
    The attackers behind the breach of the New York Times’ computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware. The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed exposé of the group and its exploits — and a retooling of what security researchers believe is a massive spying Read more...

    The Curious Case of Encoded VB Scripts: APT.NineBlog

    By Thoufique Haq, Nart Villeneuve
    We came across a rather peculiar TTP (Tools, Techniques, and Procedures) in a targeted attack we found recently. This targeted attack uses simpler techniques but still remains effective in infiltrating the target. The weaponized document that was part of this attack was intended for a victim in India as evident from the contents of the decoy document presented post exploitation. The main modules of this attack are implemented in encoded VB scripts Read more...