Category: advanced persistent threats

Pivoting off Hidden Cobra Indicators

On June 13th 2017, US-CERT issued a joint Technical Alert (TA17-164A) entitled Hidden Cobra – North Korea’s DDoS Botnet Infrastructure. The alert, which was the result of analytic efforts between the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), included a list […]

Read more

Greenbug’s DNS-isms

Over the past few months there has been a lot of research and press coverage on the Shamoon campaigns. These have been the attacks on Saudi Arabian companies where a destructive malware known as Disttrack was deployed. The malware, using stolen credentials, spreads throughout the […]

Read more

Acronym: M is for Malware

A malware researcher known as Antelox recently tweeted about an unknown malware sample that caught our eye. Upon further investigation, it is a modular malware known as Acronym and could possibly be associated with the Win32/Potao malware family and the Operation Potao Express campaign. This […]

Read more

The Four Element Sword Engagement

Ongoing APT activity against Tibetans, Hong Kong and Taiwanese interests

In “The Four Element Sword Engagement (Full Report)”, Arbor ASERT reveals recent ongoing APT activity likely associated with long-running threat campaigns against Tibetans, Hong Kong, Taiwanese interests and human rights workers. We presume the existence of associated malcode, dubbed the Four Element Sword Builder, which is being used to weaponize RTF documents for use in these campaigns. A sample of twelve different targeted exploitation incidents (taken from a larger set of activity) are described along any discovered connections to previously documented threat campaigns.

Read more

Uncovering the Seven Pointed Dagger

The full report “Uncovering the Seven Pointed Dagger: Discovery of the Trochilus RAT and Other Targeted Threats” can be downloaded here. Threat actors with strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these […]

Read more