
Threats

Review current cyber threats and learn how to protect computers, servers, and cloud workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent cyber attacks. The latest malware and APT information.

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro. This post was authored by Hossein Jazi. On December 7, 2020, we...

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers...

SolarWinds advanced cyberattack: What happened and what to do now

Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now. Over the weekend we...

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Executive Summary: We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates...

Unauthorized Access of FireEye Red Team Tools

Overview: A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to...

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox...

German users targeted with Gootkit banker or REvil ransomware

After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead. This blog post...

Election Cyber Threats in the Asia-Pacific Region

In democratic societies, elections are the mechanism for choosing heads of state and policymakers. There are strong incentives for adversary nations to understand the intentions and preferences of the...

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a...