Threats

Review Current Cyber Threats & Learn How To Protect Computers, Servers & Cloud Workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent Cyber Attacks. The latest malware and APT information.

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers...

In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871

FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see...

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

In this blog post we will describe: how attackers use the Background Intelligent Transfer Service (BITS); forensic techniques for detecting attacker activity with data format specifications; public release of the BitsParser tool. A...

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a...

SolarWinds advanced cyberattack: What happened and what to do now

Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now. Over the weekend we...

SolarWinds attackers launch new campaign

The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks. Nobelium is a synthetic chemical element with...

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro. This post was authored by Hossein Jazi. On December 7 2020 we...

A deep dive into Saint Bot, a new downloader

Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel. This post was authored by Hasherezade...

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics. Exploit kits continue to be used as a malware...

Unauthorized Access of FireEye Red Team Tools

Overview: A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to...