Entries filed under 'Ned Moran'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets

    By Ned Moran, Nart Villeneuve
    FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled ‘Operation DeputyDog', began as early as August 19, 2013 and appears to have targeted organizations in Japan. FireEye Labs has been continuously monitoring the activities of the threat actor responsible for this campaign. Analysis based on our Dynamic Threat Intelligence cluster shows that this current campaign leveraged command and control infrastructure that is related to Read more...


    Evasive Tactics: Taidoor

    By Nart Villeneuve, Ned Moran, Thoufique Haq
    The Taidoor malware has been used in many ongoing cyber espionage campaigns. Its victims include government agencies, corporate entities, and think tanks, especially those with interests in Taiwan. [1] In a typical attack, targets receive a spear-phishing email which encourages them to open an attached file. If opened on a vulnerable system, malware is silently installed on the target’s computer while a decoy document with legitimate content is opened that is intended Read more...


    Operation Molerats: Middle East Cyber Attacks Using Poison Ivy

    By Nart Villeneuve, Ned Moran, Thoufique Haq
    Don't be too hasty to link every Poison Ivy-based cyber attack to China. The popular remote access tool (RAT), which we recently detailed on this blog, is being used in a broad campaign of attacks launched from the Middle East, too. First, some background: In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire police force and banned the use Read more...


    The Sunshop Campaign Continues

    By Ned Moran
    We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest wave the attackers inserted malicious redirects into a number of websites – at least two of which were also compromised in the May 2013 edition of this campaign. The most prominent sites compromised in this round of Read more...


    Survival of the Fittest: New York Times Attackers Evolve Quickly

    By Ned Moran, Nart Villeneuve
    The attackers behind the breach of the New York Times’ computer network late last year appear to be mounting fresh assaults that leverage new and improved versions of malware. The new campaigns mark the first significant stirrings from the group since it went silent in January in the wake of a detailed expose of the group and its exploits — and a retooling of what security researchers believe is a massive spying Read more...