Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY, which leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation.
Entries filed under 'APT29'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.
March 27, 2017 8:00 AM By Matthew Dunwoody | Threat Intelligence
APT29 used domain fronting techniques for backdoor access to hide their network traffic. Detecting these nation-state attackers requires endpoint visibility, as well as visibility into TLS connections and effective network signatures.