Through the course of our client engagements, Mandiant's Intel team tracks and analyzes the threat activity we observe. We recently saw two separate APT groups use two different backdoors that had very similar networking protocols. Nevertheless, they are separate backdoors with separate functionality. This is notable because in general, when network defenders see an IDS alert associated with a custom backdoor protocol, they tend to assume that a specific backdoor has been deployed in the network.
Entries filed under 'HIPSTING'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.