Targeted Attacks

July 2014
S	M	T	W	T	F	S
« Jun
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Jul2	KIVARS With Venom: Targeted Attacks Upgrade with 64-bit “Support” 7:56 pm (UTC-7) \| by Kervin Alintanahin (Threats Analyst)

In announcing the release of the 64-bit version for Chrome last month, Google mentioned that one of the primary drivers of the move was that majority of Windows users are now using 64-bit operating systems. The adoption rate for 64-bit for Windows has been a tad slower than what Microsoft had initially predicted, but it has been steady, and it is evident in the availability of support by software developers. Unfortunately, however, we've been seeing the same adoption being implemented by attackers through ...

Posted in Bad Sites, Malware, Targeted Attacks |

Jun25

PlugX RAT With “Time Bomb” Abuses Dropbox for Command-and-Control Settings

6:05 am (UTC-7) | by Maersk Menrige (Threats Analyst)

Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among others, are well-known and can be detected, threat actors still effectively use these tools in targeted attacks. Last May we encountered a targeted attack that hit ...

Posted in Targeted Attacks | 1 TrackBack »

Jun17

Template Document Exploit Found in Several Targeted Attacks

10:00 am (UTC-7) | by Maersk Menrige (Threats Analyst)

The use of contextually-relevant emails is one of the most common social engineering tactics employed in targeted attacks. Emails still being the primary mode of business communications are often abused to deliver exploits to penetrate a network that consequently lead to other stages of a targeted attack cycle. In one of the targeted attacks we’re monitoring, threat actors used the news of a plane crash that killed the deputy prime minister of Laos. The email message bore the subject line BREAKING: ...

Posted in Exploits, Malware, Targeted Attacks | 1 TrackBack »

Jun10

Targeted Attack Methodologies for Cybercrime

5:41 am (UTC-7) | by Loucif Kharouni (Senior Threat Researcher)

We recently wrote about the difference between cybercrime and a cyber war, which narrows down to the attack's intent. With the same intent of gaining information to use against targets, cybercriminals and attackers tend to stress less importance in their choice of "tools", as these campaigns are all about who carries out the attack. Ultimately, a simple equation can be drawn from these observations, in which a highly successful attack is composed of the attack's intent and the right tools. Our newest ...

Posted in Hacked Sites, Malware, Targeted Attacks |

Jun4	ANTIFULAI Targeted Attack Exploits Ichitaro Vulnerability 6:26 am (UTC-7) \| by Maersk Menrige (Threats Analyst)

Targeted attacks are difficult to detect and mitigate by nature. We recently uncovered a targeted attack campaign we dubbed as “ANTIFULAI” that targets both government agencies and private industries in Japan. In our 2H 2013 Targeted Attack Trends report, we found that 80% of the analyzed cases of targeted attacks hit government institutions. Like many targeted attacks, ANTIFULAI uses several emails as entry vectors to get the attention of its would-be targets. In this particular case, the detected email posed as a job application inquiry ...

Posted in Malware, Targeted Attacks | 1 TrackBack »