
Mask/Careto Unmasked, Shadowy Spanish Spybots Slink into Sunset

Amid continuous revelations of a variety of “Advanced Persistent Threat” (APT) hacking operations sponsored by nation states – among them Flame/Gauss/Duqu/Stuxnet, Red October, Comment Crew, Shamoon, Icefog and Dark Seoul – the major global players such as the US, Russia, and China have …

The Syrian Electronic Army: Mediums of Disinformatics

“We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports.” The Syrian Electronic Army (SEA) most likely began at least in part as an outgrowth of …

Flames of the Dragon: A Profile of the PRC’s Cyber Situation

Since February of last year when the Mandiant Report was released, China has been at the forefront of cyber security news. It has become apparent that the PRC is waging all-out economic warfare through the use of widespread cyber espionage, …

FBI Asking Tech Vendors to Install Backdoors

Wickr’s Nico Sell has disclosed in a PCMag article that she was approached by the FBI at a security conference, and that an agent casually asked if she would be willing to install a backdoor for them in her company’s …

How to Beat Goliath

If you were curious about how to take on an APT, check out this summary by Gartner, Inc., a private information technology research company. Released in September 2013, this report’s recommendations are short, sweet and informative. – by Ben Volcsko, Research Assistant

For All of You Sinophiles Out There…

The Australian Strategic Policy Institute (ASPI) produced a great report on the People’s Republic of China’s cyber intelligence capabilities. Titled Enter the Cyber Dragon: Understanding Chinese Intelligence Agencies, this report is a great starting point for getting a grip on what the …

Cyber Threats to the Global Oil Supply Chain

The Federation of American Scientists has published a paper detailing threats to the global oil supply chain. Rounding out a list of major regional and geopolitical threats to the global oil infrastructure, the risks of SCADA and other attacks on …

The Sunshop Digital Quartermaster – a State Cyber-Espionage Armory?

Cyber-security research firm FireEye has published a new report alleging that there may be a single actor providing important code development resources to as many as 11 separate APT campaigns. All of the tools have been written using a Chinese …

Red October(?) Evolves, Hits Finnish Foreign Ministry

The Red October RAT (Remote Access Tool), which has been extensively analyzed by Kaspersky, appears to have continued its development. The Finnish Foreign Ministry has disclosed that it was the victim of a penetration attack that went on for over four years. …

“Paunch” Punches Out, Blackhole Kit Hits the Rocks

The Blackhole Exploit Kit, one of the more popular methods of delivering criminal malware to unsuspecting users, has run into a number of difficulties in the last few days. The leading crimeware kit, which has usually been updated as often …


Bruce Schneier has recently published a series of articles on the ways that the users of the TOR network and others have been targeted with exploits by the NSA’s Tailored Access Operations group. He has also posted a full explanation …

Icefog Crew Shows You Don’t Need a 100 Person Team to be an APT

Kaspersky Lab has published a report on the activities of a small crew of advanced hackers using custom tools. Kaspersky received assistance from the Korea Internet & Security Agency and Interpol during their investigation. The team appears to be based …

Comment Crew Going After Drone Tech

An article in the New York Times by Edward Wong details the efforts of the State-supported Chinese hacking group known as the “Comment Crew” (and widely suspected to be PLA unit 61398) to surreptitiously acquire military drone technology by hacking into …

“Hidden Lynx” Revealed

Internet security researchers at Symantec have just published an analysis of one of the leading hacking groups that have been classified as “Advanced Persistent Threats”. The “Hidden Lynx” group has been credited with the mass break-in on tech companies such …