Lucene search
+L
FireeyeMost viewed

545 matches found

FireEye
FireEye
added 2017/10/11 2:30 a.m.13 views

North Korean Actors Spear Phish U.S. Electric Companies

We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. This activity was early-stage reconnaissance, and not necessarily indicative of an...

7.3AI score
Exploits0References1
FireEye
FireEye
added 2017/09/11 5:0 p.m.13 views

Why Is North Korea So Interested in Bitcoin?

In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure from previously observed activity of North Korean actors employing cyber espionage for traditiona...

0.8AI score
Exploits0
FireEye
FireEye
added 2017/04/12 8:0 a.m.13 views

What About the Plant Floor? Six Subversive Concerns for ICS Environments

Industrial enterprises such as electric utilities, petroleum companies, and manufacturing organizations invest heavily in industrial control systems ICS to efficiently, reliably, and safely operate industrial processes. Without this technology operating the plant floor, these businesses cannot...

0.9AI score
Exploits0
FireEye
FireEye
added 2016/06/02 8:0 a.m.13 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

7.4AI score
Exploits0
FireEye
FireEye
added 2014/10/09 8:35 p.m.13 views

MIRcon 2014 – Day 2 Highlights

MIRcon 2014 It seemed fitting that the last day of MIRcon started with a total lunar eclipse and ended with an inspirational keynote address by renowned astrophysicist Dr. Neil deGrasse Tyson. After an amazing two days of content, MIRcon 2014 is officially in the books! Following are some of the...

0.7AI score
Exploits0
FireEye
FireEye
added 2012/09/24 3:50 p.m.13 views

MIRcon 2012: Overall Themes for the Management Track

Mandiant will host its third annual MIRcon on October 17th and 18th in Washington, DC. I attended the previous two MIRcon conferences, first as Director of Incident Response for my previous employer, and last year as Mandiant's Chief Security Officer. Last year we decided to host both a technical...

1.1AI score
Exploits0
FireEye
FireEye
added 2020/02/11 5:0 p.m.12 views

Managed Defense: The Analytical Mindset

When it comes to cyber security managed services or otherwise, you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an...

7.8AI score
Exploits0References1
FireEye
FireEye
added 2019/08/23 6:30 p.m.12 views

Healthcare: Research Data and PII Continuously Targeted by Multiple Threat Actors

The healthcare industry faces a range of threat groups and malicious activity. Given the critical role that healthcare plays within society and its relationship with our most sensitive information, the risk to this sector is especially consequential. It may also be one of the major reasons why we...

Exploits0References5
FireEye
FireEye
added 2018/09/13 11:0 p.m.12 views

Bypassing Antivirus for Your Antivirus Bypass

Chances are you have heard about how easy it can be to evade antivirus. Often, this is because the signatures used by vendors are too simplistic and can be successfully duped without changing the functionality of the malware. Have you ever attempted to evade AV? Is it really that easy? In this bl...

7AI score
Exploits0References6
FireEye
FireEye
added 2017/04/12 8:0 a.m.12 views

What About the Plant Floor? Six Subversive Concerns for ICS Environments

Industrial enterprises such as electric utilities, petroleum companies, and manufacturing organizations invest heavily in industrial control systems ICS to efficiently, reliably, and safely operate industrial processes. Without this technology operating the plant floor, these businesses cannot...

7AI score
Exploits0
FireEye
FireEye
added 2017/02/22 2:45 p.m.12 views

Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government

Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...

8.1AI score
Exploits0References2
FireEye
FireEye
added 2016/09/29 8:0 a.m.12 views

Vendetta Brothers, Inc. – A Window Into the Business of the Cybercriminal Underground

FireEye iSIGHT Intelligence has been tracking a pair of cybercriminals that we refer to as the “Vendetta Brothers.” This enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.” The...

1.2AI score
Exploits0
FireEye
FireEye
added 2016/08/17 4:15 p.m.12 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

6.9AI score
Exploits0References1
FireEye
FireEye
added 2016/07/19 8:45 p.m.12 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

6.9AI score
Exploits0References3
FireEye
FireEye
added 2016/07/19 4:45 p.m.12 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

0.7AI score
Exploits0
FireEye
FireEye
added 2016/06/24 5:30 p.m.12 views

Locky is Back Asking for Unpaid Debts

On June 21, 2016, FireEye’s Dynamic Threat Intelligence DTI identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. As shown in Figure 1, Locky spam activity was uninterrupted until June 1,...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/04/22 3:0 p.m.12 views

New Downloader for Locky

Through DTI Intelligence analysis, We have been observing Locky malware rise to fame recently. Locky is ransomware that is aggressively distributed via downloaders attached in spam emails, and it may have surpassed the Dridex banking trojan in popularity. In previous campaigns, the ransomware was...

7.5AI score
Exploits0References1
FireEye
FireEye
added 2018/04/05 3:0 p.m.11 views

Fake Software Update Abuses NetSupport Remote Access Tool

Over the last few months, FireEye has tracked an in-the-wild campaign that leverages compromised sites to spread fake updates. In some cases, the payload was the NetSupport Manager remote access tool RAT. NetSupport Manager is a commercially available RAT that can be used legitimately by system...

7.8AI score
Exploits0
FireEye
FireEye
added 2017/04/08 12:30 a.m.11 views

Acknowledgement of Attacks Leveraging Microsoft Zero-Day

FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office...

7AI score
Exploits0
FireEye
FireEye
added 2017/04/08 12:30 a.m.11 views

Acknowledgement of Attacks Leveraging Microsoft Zero-Day

FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office...

7.3AI score
Exploits0
FireEye
FireEye
added 2017/03/31 12:0 a.m.11 views

Introducing Monitor.app for macOS

UPDATE 2 Oct. 24, 2018: Monitor.app now supports macOS 10.14. UPDATE April 4, 2018: Monitor.app now supports macOS 10.13. As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware...

6.8AI score
Exploits0References3
FireEye
FireEye
added 2016/11/30 11:13 p.m.11 views

FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region

In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/09/29 12:0 p.m.11 views

Vendetta Brothers, Inc. – A Window Into the Business of the Cybercriminal Underground

FireEye iSIGHT Intelligence has been tracking a pair of cybercriminals that we refer to as the “Vendetta Brothers.” This enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.” The...

6.6AI score
Exploits0References1
FireEye
FireEye
added 2016/07/19 4:45 p.m.11 views

Amazon Same Day Credential Shipping

FireEye has identified a campaign involving phishing websites that appear as legitimate Amazon sites. Amazon is the largest online retailer and threat actors frequently target its customers. In this attack, a person browsing the internet would be directed to authentic looking – yet fake – Amazon...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/06/16 12:0 a.m.11 views

EMEA Organizations Must Rise to the Challenge of Stopping Advanced Threats

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant responded to several breaches in Europe, Middle East and Africa EMEA. Throughout the year we...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/06/14 8:0 a.m.11 views

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...

7AI score
Exploits0
FireEye
FireEye
added 2016/06/10 10:0 a.m.11 views

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats looking ahead to the next few years are those posed by manipulating vehicle operation, ransomware...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/03/21 8:30 a.m.11 views

Stop Scanning My Macro

FireEye Labs detected an interesting evasion strategy in two recent, large Dridex campaigns. These campaigns changed the attachment file-type and location of malicious logic in an attempt to avoid scanners. Overview Both campaigns used an invoice theme and came from a wide variety of sending...

7.3AI score
Exploits0
FireEye
FireEye
added 2016/03/08 8:0 a.m.11 views

Relational Learning Tutorial

At FireEye, we apply machine learning techniques to a variety of security problems. Malware detection and categorization is a great use of the technology, and we believe that it can also play a role in security challenges that extend beyond malware. In one such R&D effort, the Innovation & Custom...

1.9AI score
Exploits0
FireEye
FireEye
added 2020/04/08 4:15 p.m.10 views

Limited Shifts in the Cyber Threat Landscape Driven by COVID-19

Though COVID-19 has had enormous effects on our society and economy, its effects on the cyber threat landscape remain limited. For the most part, the same actors we have always tracked are behaving in the same manner they did prior to the crisis. There are some new challenges, but they are...

7.1AI score
Exploits0References4
FireEye
FireEye
added 2019/05/30 3:0 p.m.10 views

Framing the Problem: Cyber Threats and Elections

This year, Canada, multiple European nations, and others will host high profile elections. The topic of cyber-enabled threats disrupting and targeting elections has become an increasing area of awareness for governments and citizens globally. To develop solutions and security programs to counter...

0.6AI score
Exploits0References4
FireEye
FireEye
added 2017/11/28 7:0 p.m.10 views

Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...

7.5AI score
Exploits0References2
FireEye
FireEye
added 2017/06/21 8:0 a.m.10 views

Remote Symbol Resolution

Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After...

7.2AI score
Exploits0
FireEye
FireEye
added 2017/06/21 8:0 a.m.10 views

Remote Symbol Resolution

Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After...

6.9AI score
Exploits0
FireEye
FireEye
added 2017/05/03 4:30 p.m.10 views

To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence

In 2017, Mandiant responded to multiple incidents we attribute to FIN7, a financially motivated threat group associated with malicious operations dating back to 2015. Throughout the various environments, FIN7 leveraged the CARBANAK backdoor, which this group has used in previous operations. A...

0.4AI score
Exploits0
FireEye
FireEye
added 2016/08/27 3:45 a.m.10 views

RIPPER ATM Malware and the 12 Million Baht Jackpot

On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported...

6.7AI score
Exploits0References3
FireEye
FireEye
added 2016/08/24 7:0 p.m.10 views

M-Trends Asia Pacific: Organizations Must Improve at Detecting and Responding to Breaches

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of some of the largest and most sophisticated cyber attacks. In February 2016, we released our annual global M-Trends® report based on data from the breaches we responded to in 2015. Now, we are releasing...

6.6AI score
Exploits0
FireEye
FireEye
added 2016/06/16 12:0 a.m.10 views

EMEA Organizations Must Rise to the Challenge of Stopping Advanced Threats

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of cyber attacks involving advanced threat actors. As part of its many global investigations in 2015, Mandiant responded to several breaches in Europe, Middle East and Africa EMEA. Throughout the year we...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/06/06 12:0 p.m.10 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.6AI score
Exploits0
FireEye
FireEye
added 2016/05/12 5:30 p.m.10 views

Cerber Ransomware Partners with the Dridex Spam Distributor

Cerber ransomware incorporates the unusual feature of “speaking” its ransom message after successfully infecting a user machine and encrypting files. Cerber was first seen in the wild at the end of February 2016 and was observed being delivered mostly via exploit kits EK, notably using Magnitude...

6.9AI score
Exploits0References3
FireEye
FireEye
added 2016/02/18 12:0 p.m.10 views

Maimed Ramnit Still Lurking in the Shadow

Newspapers have the ability to do more than simply keep us current with worldly affairs; we can use them to squash bugs! Yet, as we move from waiting on the newspaper delivery boy to reading breaking news on ePapers, we lose the subtle art of bug squashing. Instead, we end up exposing ourselves t...

0.4AI score
Exploits0
FireEye
FireEye
added 2013/10/07 4:20 p.m.10 views

MIRcon Preview: Why C-Level Executives Should Attend

Security conferences come and go and most are well attended by information security practitioners for professional development and networking. But what about the executives who are responsible for strategy and who hold the budgets - what conferences should they attend? With MIRcon 2013, Nov. 5-6,...

3.1AI score
Exploits0
FireEye
FireEye
added 2016/05/09 10:43 a.m.9 views

Locky Gets Clever!

As discussed in an earlier FireEye blog, we have seen Locky ransomware rise to fame in recent months. Locky is aggressively distributed via a JavaScript-based downloader sent as an attachment in spam emails, and may have overshadowed the Dridex banking Trojan as the top spam contributor. FireEye...

7.2AI score
Exploits0
FireEye
FireEye
added 2017/03/15 12:48 p.m.8 views

Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits

Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website. Malvertisements are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are...

6.6AI score
Exploits0References8
FireEye
FireEye
added 2013/10/08 6:51 p.m.6 views

MIRcon Preview: What to Expect in the Technical Track

MIRcon 2013, Nov. 5-6, Washington, DC is right around the corner. Have you registered yet? Don't miss out! With targeted attacks continuing for the foreseeable future, you should be sure to take advantage of this opportunity to learn from leading industry cybersecurity experts. The two day...

0.1AI score
Exploits0
Total number of security vulnerabilities545