The role of nation-state actors in cyber attacks was perhaps most widely revealed in February 2013 when Mandiant released the APT1 report, which detailed a professional cyber espionage group based in China. Today we release a new report: APT28: A Window Into Russia’s Cyber Espionage Operations? This report focuses on a threat group that we have designated as APT28. While APT28’s malware is fairly well known in the cybersecurity community, our report Read more...
Archive for 'October 2014'
APT28: A Window into Russia's Cyber Espionage Operations?
October 27, 2014 4:00 AM | Threat IntelligenceA Threatening Threat Map
October 21, 2014 9:00 AM By Ali Mesdaq | Threat Intelligence
FireEye recently released a ThreatMap to visualize some of our Threat Intelligence Data.The ThreatMap data is a sample of real data collected from our two-way sharing customers for the past 30 days. The data represented in the map is malware communication to command and control (C2) servers, where the "Attackers” represent the location of the C2 servers and "Targets" represent customers.To mask customer identity, locations are represented as the center of the Read more...
Double-edged Sword: Australia Economic Partnerships Under Attack from China
October 13, 2014 7:00 PM | Threat IntelligenceEvery day at Mandiant we respond to some of the largest cyber security incidents around the world. This gives us a front-row seat to witness what works (and what doesn't) when it comes to finding attackers and preventing them from stealing our clients' data.
Read more...New Tactics. New Motives. New Services.
October 8, 2014 3:16 PM By Jurgen KutscherEvery day at Mandiant we respond to some of the largest cyber security incidents around the world. This gives us a front-row seat to witness what works (and what doesn't) when it comes to finding attackers and preventing them from stealing our clients' data.
Read more...
MIRcon 2014 – Day 1 Highlights
October 8, 2014 1:56 AM By Helena BritoThe first day of MIRcon 2014 is officially done and was packed with thought-provoking keynotes, presentations and a one-of-a-kind reception. While there's too much to fit into this blog post, I wanted to provide you with some of the highlights:
Read more...Q&A Webinar Follow-Up: Fresh Prints of Malware - Retail Therapy: An Analysis of Retail Breaches and Card Theft
October 2, 2014 6:28 PM By Helena BritoAs a follow-up to our recently held webinar Fresh Prints of Malware - Retail Therapy: An Analysis of Retail Breaches and Card Theft, questions answered by presenters Nick Pelletier and Manny Jean-Georges are listed below. To view the archived webinar, please click here.
Read more...What are Java's Biggest Vulnerabilities?
October 15, 2014 9:00 AM By Abhishek Singh | Vulnerabilities, Targeted Attack
In our continuing mission to equip security professionals against today’s advanced cyber threats, FireEye has published a free technical report, “A Daily Grind: Filtering Java Vulnerabilities." The report outlines the three most commonly exploited Java vulnerabilities and maps out the step-by-step infection flow of exploits kits that leverage them.CVE-2012-0507: is due to the improper implementation of AtomicReferenceArray() leading to the type confusion vulnerability.CVE-2013-2465: which involves insufficient bounds checks in the storeImageArray() function. This vulnerability is Read more...
Two Limited, Targeted Attacks; Two New Zero-Days
October 14, 2014 10:46 AM By Dan Caselden | Vulnerabilities, Targeted Attack
The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks against some major corporations. Both zero-days exploit the Windows Kernel, with Microsoft assigning CVE-2014-4148 and CVE-2014-4113 to and addressing the vulnerabilities in their October 2014 Security Bulletin.FireEye Labs have identified 16 total zero-day attacks in the last two years – uncovering 11 in 2013 and five in 2014 so far.Microsoft commented: “On October 14, 2014, Microsoft Read more...
The Shellshock Aftershock for NAS Administrators
October 1, 2014 3:00 PM By James T. Bennett, J. Gomez | Vulnerabilities
SummaryFireEye has been monitoring Shellshock-related attacks closely since the vulnerability was first made public last week. Specifically, FireEye has observed attackers attempting to exploit the BASH remote code injection vulnerability against Network Attached Storage systems (NAS). These attacks result in the hackers having a root level remote shell, gaining full access to the contents of the NAS. The observed targets have been primarily located in Japan and Korea with one additional target Read more...
Data Theft in Aisle 9: A FireEye Look at Threats to Retailers
October 6, 2014 10:00 AM By Nart Villeneuve | Targeted Attack
While cybercriminals continue to target the payment card and banking information of individual users, they seem increasingly aware that compromising retailers is more lucrative. Targeting retailers is not new; Albert Gonzales infamously targeted retailers nearly a decade ago. What has changed, however, is the wide availability of tools and know-how that make it possible for even relatively unskilled cybercriminals to commit large-scale attacks. The results speak for themselves – significant breaches at Read more...
Sign up for email update
Get information and insight on today's advanced threats from the leader in advanced threat prevention.
