The Dingo and the Baby
SUMMARY: FireEye has been tracking an APT campaign for a while and we have noticed that this attack is currently active and targeting companies. In this case, the campaign uses the name of the company...
Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese...
On March 16th, we discovered a premeditated waterhole campaign that hosts exploits and malware on websites frequented by a specific target group. In this case the target includes Chinese dissidents....
Sanny CnC Backend Disabled
We recently encountered in the wild another sample related to the Sanny APT. For readers who are not familiar with the Sanny APT, please refer to our previous blog for the background. The sample was...
Trojan.APT.BaneChant: In-Memory Trojan That Observes for Multiple Mouse Clicks
Summary Last December, our senior malware researcher (Mr. Abhishek Singh) posted an article about a Trojan which could detect mouse clicks to evade sandbox analysis. Interestingly, we have found...
The Mutter Backdoor: Operation Beebus with New Targets
FireEye Labs has observed a series of related attacks against a dozen organizations in the aerospace, defense, and telecommunications industries as well as government agencies located in the United...
New Targeted Attack On Taiwanese Government & Tibetan Activists Open Up a Can...
We observed new targeted attacks targeting various personnel with pro-Tibetan views. The targets? We’ve seen targets at various branches of the Taiwanese government as well as a professor at the...
Malware Callbacks
Today we released our first-ever analysis of malware callbacks. Our report can be accessed here: http://www2.fireeye.com/WEB2013ATLReport.html. FireEye monitored more than 12 million malware...
IE Zero Day is Used in DoL Watering Hole Attack
Similar to what we found before in a series of watering hole attacks, targeting CFR and Chinese Dissidents, zero-day and just patched vulnerabilities were used. In the latest watering hole attack...
Targeted Attack Trend Alert: PlugX the Old Dog With a New Trick
FireEye Labs has discovered a targeted attack towards Chinese political rights activists. The targets appear to be members of social groups that are involved in the political rights movement in China....
Ready for Summer: The Sunshop Campaign
We recently identified another targeted attack campaign that leveraged both the recently announced Internet Explorer zero-day, CVE-2013-1347, as well as recently patched Java exploits CVE-2013-2423 and...
Trojan.APT.Seinup Hitting ASEAN
1. Executive Summary The FireEye research team has recently identified a number of spear phishing activities targeting Asia and ASEAN. Of these, one of the spear phishing documents was suspected to...
Syrian Electronic Army Hacks Major Communications Websites
Syrian Electronic Army (SEA) has recently compromised three widely-used online communications websites, each of which could have serious real-world consequences for Syria’s political opposition. July...
Hot Knives Through Butter: Bypassing File-based Sandboxes
Diamonds are a girl’s best friend. Prime numbers are a mathematician’s best friend. And file-based sandboxes are an IT security researcher’s best friend. Unfortunately, malware authors know this. Aware...
The Curious Case of Encoded VB Scripts: APT.NineBlog
We came across a rather peculiar TTP (Tools, Techniques, and Procedures) in a targeted attack we found recently. This targeted attack uses simpler techniques but still remains effective in infiltrating...
Breaking Down the China Chopper Web Shell – Part I
Part I in a two-part series. China Chopper: The Little Malware That Could China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog...
Breaking Down the China Chopper Web Shell – Part II
Part II in a two-part series. Read Part I. Introduction In Part I of this series, I described China Chopper’s easy-to-use interface and advanced features — all the more remarkable considering the Web...
The Sunshop Campaign Continues
We recently detected what we believe is a continuation of the Sunshop campaign that we first revealed on May 20, 2013. This follow-on to the Sunshop campaign started on July 17, 2013. In this latest...
Poison Ivy: Assessing Damage and Extracting Intelligence
Today, our research team is publishing a report on the Poison Ivy family of remote access tools (RATs) along with a package of tools created to work as a balm of sorts — naturally, we’re calling the...
Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
FireEye has discovered a campaign leveraging the recently announced zero-day CVE-2013-3893. This campaign, which we have labeled ‘Operation DeputyDog’, began as early as August 19, 2013 and appears to...
Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893)
In our previous blog post my colleagues Ned and Nart provided a detailed analysis on the Advanced Persistent Threat (APT) Campaign Operation DeputyDog. The campaign leveraged a zero-day vulnerability...