Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY, which leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation.
Entries filed under 'APT29'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
March 27, 2017 8:00 AM By Matthew Dunwoody | Threat Intelligence, Threat Research
APT29 used domain fronting techniques for backdoor access to hide their network traffic. Detecting these nation-state attackers requires endpoint visibility, as well as visibility into TLS connections and effective network signatures.