Hand Me Downs: Exploit and Infrastructure Reuse Among APT Campaigns
Since we first reported on Operation DeputyDog, at least three other Advanced Persistent Threat (APT) campaigns known as Web2Crew, Taidoor, and th3bug have made use of the same exploit to deliver their...
ASLR Bypass Apocalypse in Recent Zero-Day Exploits
ASLR (Address Space Layout Randomization) is one of the most effective protection mechanisms in modern operating systems. But it’s not perfect. Many recent APT attacks have used innovative techniques...
Evasive Tactics: Terminator RAT
FireEye Labs has been tracking a variety of advanced persistent threat (APT) actors that have been slightly changing their tools, techniques, and procedures (TTPs) in order to evade network defenses....
Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
Recently, we discovered a new IE zero-day exploit in the wild, which has been used in a strategic Web compromise. Specifically, the attackers inserted this zero-day exploit into a strategically...
Supply Chain Analysis: From Quartermaster to Sunshop
Today, we released a new report from FireEye Labs entitled Supply Chain Analysis: From Quartermaster to Sunshop. The report details how many seemingly unrelated cyber attacks may, in fact, be part of a...
Dissecting Android KorBanker
FireEye recently identified a malicious mobile application that installs a fake banking application capable of stealing user credentials. The top-level app acts as a bogus Google Play application,...
Trends in Targeted Attacks: 2013
FireEye has been busy over the last year. We have tracked malware-based espionage campaigns and published research papers on numerous advanced threat actors. We chopped through Poison Ivy, documented a...
Targeted Attacks in 2013: Asia Pacific
Here at FireEye, the New Year gives us an opportunity to look back at 2013 and analyze what happened in cyber security from a high-level and strategic perspective. Let’s start with Asia. Cyber attacks...
Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars...
On February 11, FireEye identified a zero-day exploit (CVE-2014-0322) being served up from the U.S. Veterans of Foreign Wars’ website (vfw[.]org). We believe the attack is a strategic Web compromise...
Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised,...
Less than a week after uncovering Operation SnowMan, the FireEye Dynamic Threat Intelligence cloud has identified another targeted attack campaign — this one exploiting a zero-day vulnerability in...
Cybercriminals Continue to Target Retail Sector
A series of spectacular cyber attacks have breached big-name retail stores in recent months, including Target, Neiman Marcus, and Michaels. These incidents are only the latest in what has become an...
A Detailed Examination of the Siesta Campaign
Executive Summary FireEye recently looked deeper into the activity discussed in TrendMicro’s blog and dubbed the “Siesta” campaign. The tools, modus operandi, and infrastructure used in the campaign...
Spear Phishing the News Cycle: APT Actors Leverage Interest in the...
While many advanced persistent threat (APT) groups have increasingly embraced strategic Web compromise as a malware delivery vector, groups also continue to rely on spear-phishing emails that leverage...
New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11...
Summary FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through...
“Operation Clandestine Fox” Now Attacking Windows XP Using Recently...
On April 26th, FireEye Research Labs notified the public of a new IE zero-day exploit being used in “Operation Clandestine Fox.” The initial attack targeted users of IE versions 9, 10, and 11 on...
Molerats, Here for Spring!
Between 29 April and 27 May, FireEye Labs identified several new Molerats attacks targeting at least one major U.S. financial institution and multiple European government organizations. When we last...
Clandestine Fox, Part Deux
We reported at the end of April and the beginning of May on an APT threat group leveraging a zero-day vulnerability in Internet Explorer via phishing email attacks. While Microsoft quickly released a...