Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among…
Read MoreThreats Analyst
The use of contextually-relevant emails is one of the most common social engineering tactics employed in targeted attacks. Emails still being the primary mode of business communications are often abused to deliver exploits to penetrate a network that consequently lead to other stages of a targeted attack cycle. In one of the targeted attacks we’re…
Read MoreTargeted attacks are difficult to detect and mitigate by nature. We recently uncovered a targeted attack campaign we dubbed as “ANTIFULAI” that targets both government agencies and private industries in Japan. In our 2H 2013 Targeted Attack Trends report, we found that 80% of the analyzed cases of targeted attacks hit government institutions. Like many targeted attacks, ANTIFULAI uses…
Read MoreThe Windows PowerShell® command line is a valuable Windows administration tool designed especially for system administration. It combines the speed of the command line with the flexibility of a scripting language, making it helpful for IT professionals to automate administration of the Windows OS and its applications. Unfortunately, threat actors have recently taken advantage of…
Read More