Through the course of our client engagements, Mandiant's Intel team tracks and analyzes the threat activity we observe. We recently saw two separate APT groups use two different backdoors that had very similar networking protocols. Nevertheless, they are separate backdoors with separate functionality. This is notable because in general, when network defenders see an IDS alert associated with a custom backdoor protocol, they tend to assume that a specific backdoor has been deployed in the network.Read more...
Entries filed under 'HIPSTING'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.