
Threat Intelligence Reports
Cyber threat intelligence on advanced attack groups and technology vulnerabilities
FireEye regularly publishes cyber threat intelligence reports that describe the members of Advanced Persistent Threat (APT) groups, how they work and how to recognize their tactics, techniques and procedures. Cyber threat intelligence reports also cover vulnerabilities of specific business technologies, such as email, sandboxes and mobile devices. With access to such details cyber security experts can build better defenses against these APT groups and advanced cyber attacks.
Learn more about Mandiant Cyber Threat Intelligence.
Forrester Wave Report
Forrester names FireEye a leader for Threat Intelligence in “The Forrester Wave™: External Threat Intelligence Services, Q1 2021” report.
Suspected Iranian Influence Operation
Details on how this suspected influence operation leveraged inauthentic news sites and social media aimed at U.S., U.K. and other audiences.
APT37 (Reaper): The Overlooked North Korean Actor
Learn more about the suspected North Korean cyber espionage group that we now track as APT37.

Forrester: FireEye Named the Leader in External Threat Intelligence Services
Threat intelligence is one of the most overused terms in cyber security today. Every vendor promises their threat intelligence will solve your security challenges. This creates confusion in the marketplace and makes it challenging to evaluate threat intelligence offerings.
To help organizations better understand threat intelligence service offerings, Forrester recently published their research report: The Forrester New Wave™: External Threat Intelligence Services, Q3 2018.
After evaluating 15 vendors on 10 criteria, Forrester found FireEye to be the leader:
- "Leads the pack with its collection capabilities. The importance of iSight Partners and Mandiant cannot be overlooked when assessing FireEye’s threat intelligence capabilities, which marry digital forensics, human intelligence (HUMINT), and a global sensor network."
- "Best fit for companies desiring a breadth of outcomes from a single vendor"
Learn more about FireEye Cyber Threat Intelligence

Accelerate Your Attack Response with Mandiant Advantage
Know the threats that matter to you, right now.
Read the latest FIN11 report in Mandiant Advantage.
FREE cyber threat intelligence on a powerful SaaS platform.
Suspected Iranian Influence Operation
Leveraging Inauthentic News Sites and Social Media Aimed at U.S., U.K., Other Audiences.
APT28: At the center of the Russian cyber storm
Is the threat actor group APT28 sponsored by the Russian government? Read about its decade-long cyber support of Russia's strategic interests, impacting the Syrian conflict, the 2016 U.S. presidential election and more.
APT37 (Reaper): The Overlooked North Korean Actor
Learn more about a suspected North Korean cyber espionage group that we now track as APT37 (Reaper).
Threat Intelligence: Independent Research
- The Numbers Game: How Many Alerts Is Too Many to Handle? Worldwide survey of C-level security executives at large enterprise companies on how they manage huge volumes of security alerts.
- IANS Research Survey: Building a Better Budget for Advanced Threat Detection and Prevention Survey of how security teams are trying to influence budget prioritization throughout their organizations for advanced security solutions.
- Definitive Guide to Advanced Threat Protection Comprehensive guide on how next-generation threat protection can fill the gaps in organizations' network defenses to protect against modern cyber attacks.
- NIST: Best Practices in Cyber Security Chain Risk Management Use case on securing the supply chain and integrating hardware development and manufacturing operations for risk management.
- Forrester Research: Determine The Business Value Of An Effective Security Program Report on the Information Security Value Model that helps calculate the value of security and share that information with executives.
- IANS Data Compromise Awareness Survey Survey detailing the inadequacy of traditional IT security at large enterprises.
- ISMG: The Need for Speed: 2013 Incident Response Survey Survey findings detail the top challenges faced by incident response teams.
Threat Intelligence: Attack Groups
- APT28: At the Center of the Russian Cyber Storm Read about the group's decade-long cyber support of Russia's strategic interests, impacting the Syrian conflict, the 2016 U.S. presidential election, and more.
- Follow the Money: Dissecting the operations of the cyber crime group FIN6 Learn more about the FIN6 threat group, its operations to steal payment card data and how it sells that information to an underground card shop.
- FIN10: Anatomy of a Cyber Extortion Operation A set of financially motivated intrusion operations carried out by an actor dubbed FIN10 is targeting casinos and mining organizations in North America (with a focus on Canada).
- Red Line Drawn: China recalculates its use of cyber espionage Report that details recent Chinese cyber operation findings despite the September 2015 agreement between President Barack Obama and Chinese President Xi Jinping.
- Follow the Money: Dissecting the operations of the cyber crime group FIN6 Download the report to learn about FIN6’s operations to steal payment card data and sell that information to an underground card shop.
- Pinpointing Targets: Exploiting web analytics to ensnare victims Threat intelligence on how attackers alter websites and redirect visitors to a profiling script called WITCHCOVEN.
- HAMMERTOSS: Stealthy tactics define a Russian cyber threat group Threat intelligence on the history, targets, and methodology of the Russian APT29 group that created the elusive malware backdoor HAMMERTOSS.
- An Inside Look: Into the world of Nigerian scammers Threat intelligence on a Nigeria-based scam, including its targets, tactics, organization, expertise, techniques, tools, and most importantly, how you can protect yourself from losing thousands of dollars.
- APT17: Hiding in plain sight - FireEye and Microsoft expose obfuscation tactic Threat intelligence on how the China-based APT17 group used Microsoft’s TechNet blog for its Command-and-Control (CnC) operation.
- APT30: The mechanics behind a decade-long cyber espionage operation Threat intelligence on the APT30 group, which directed an extended cyber attack on government and commercial targets holding critical political, economic, and military information.
- APT1: Exposing one of China's cyber espionage units Threat intelligence on the APT1 group, which has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
- APT1: Digital appendix and indicators Threat intelligence with a list of more than 3,000 APT1 indicators, including domain names, IP addresses, X.509 encryption certificates and MD5 hashes of malware in APT1's arsenal of digital weapons.
- Behind the Syrian conflict's digital front lines This report highlights how Syrian opposition forces fell victim to a well-executed hacking operation targeting secret communications and plans.
- Hacking the street? FIN4 likely playing the market The FIN4 group targets over 100 publicly traded companies and advisory boards. Find out the targeted industries, techniques used, and more.
- APT28: A window into Russia's cyber espionage operations Report that uncovers how a Russian attack group targets insider information related to governments, militaries, and security organizations.
- Operation Saffron Rose Insight into multiple cyber-espionage operations against companies in the U.S. defense industrial base and Iranian dissidents.
- Operation “Ke3chang”: Targeted attacks against ministries of foreign affairs Insight into how ministries of foreign affairs in Europe were targeted and compromised by a threat actor FireEye has dubbed “Ke3chang”.
- Supply chain analysis: From quartermaster to sunshop Examination of 11 seemingly unrelated APT campaigns that, upon further investigation, reveal shared characteristics that suggest a common “supply-chain” infrastructure.
Threat Intelligence: Technologies
- Six Subversive Security Concerns for Industrial Environments Learn about six key plant floor weaknesses that adversaries exploit to undermine plant operations. These weaknesses are subversive and difficult to detect; the report provides a step-by-step checklist for mitigating the risks associated with these rarely recognized vulnerabilities.
- Connected Cars: The open road for hackers Find out the top 5 risks posed to interior and exterior vehicle systems.
- FireEye Labs Report: 2015 holiday season email campaigns FireEye Labs collected data on the six most prominent malware families delivered during the 2015 holiday season.
- SYNful Knock: A Cisco implant Insight into how attackers use Cisco routers as a threat vector to establish a foothold and compromise data.
- Windows Management Instrumentation (WMI) offense, defense, and forensics An in-depth look at how Windows Management Instrumentation (WMI) has been used by attackers and what network defenders can do to properly detect and respond to attacks that utilize WMI.
- Mobile Threat Report This report details several aspects of key mobile threats, covering targeted malware, adware and non-malicious apps with serious vulnerabilities.
- Hot knives through butter: Evading file-based sandboxes Overview of techniques used to evade off-the-shelf file-based sandboxes.
- A daily grind: Filtering Java vulnerabilities This report examines the inner workings of three commonly exploited Java vulnerabilities, their behaviors, and the infection flow of exploit kits that target them.
- Investigating PowerShell attacks This paper focuses on forensic analysis and discusses the Windows security controls intended to limit malicious usage of PowerShell, and the authors’ assumptions regarding an attacker’s level of access.
- Digital bread crumbs: Seven clues to identifying who's behind advanced cyber attacks Insight into what to look for to help identify attackers.
- Leviathan: Command and control communications on planet Earth This report analyzes first stage command and control (C2) malware callbacks from FireEye clients around the world.
- Sidewinder Targeted Attack against Android in the golden age of ad libraries A look at how the Sidewinder Targeted Attack allows threat actors to take over Android devices to track location, take photos, send texts, and more via the ad libraries Android apps are built on.
- DLL Side-loading: A thorn in the side of the anti-virus industry Insight into this popular cyber attack method and measures to take to ensure legitimate files are not exploited.
- Brewing up trouble: Analyzing four widely exploited Java vulnerabilities Examination of the inner workings of the four most commonly exploited Java vulnerabilities.
- The Little Malware That Could: Detecting and defeating the China Chopper Web Shell Information on the features that make the China Chopper Web Shell a popular tool for cyber attackers and how to better detect it.
- Poison Ivy: Assessing damage and extracting intelligence Information on Poison Ivy, a RAT that is still being used, and Calamine, a set of free tools to detect Poison Ivy infections.
- Top words used in spear phishing attacks Insight into the nature of files used by cybercriminals to bypass traditional security defenses.