Threats

Review current cyber threats and learn how to protect computers, servers, and cloud workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent cyber attacks. The latest malware and APT information.

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

In this blog post we will describe: How attackers use the Background Intelligent Transfer Service (BITS) Forensic techniques for detecting attacker activity with data format specifications Public release of the BitsParser tool A...

New steganography attack targets Azerbaijan

A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan. This blog post was authored by Hossein Jazi Threat actors often vary their techniques to thwart security...

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that...

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web...

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at...

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s...

Cleaning up after Emotet: the law enforcement file

Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines. This blog post was authored by Hasherezade...