SUNBURST Additional Technical Details
FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers...
SolarWinds advanced cyberattack: What happened and what to do now
Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.
Over the weekend we...
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Executive Summary
We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.
FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates...
Unauthorized Access of FireEye Red Team Tools
Overview
A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to...
Using Speakeasy Emulation Framework Programmatically to Unpack Malware
Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox...
German users targeted with Gootkit banker or REvil ransomware
After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
This blog post...
Election Cyber Threats in the Asia-Pacific Region
In democratic societies, elections are the mechanism for choosing heads of state and policymakers. There are strong incentives for adversary nations to understand the intentions and preferences of the...
Purgalicious VBA: Macro Obfuscation With VBA Purging
Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a...
Malsmoke operators abandon exploit kits in favor of social engineering scheme
Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics.
Exploit kits continue to be used as a malware...
WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques
Microsoft is known for their backwards compatibility. When they rolled out the 64-bit variant of Windows years ago they needed to provide compatibility with existing 32-bit applications. In order...