Tag Archives: Malware

The “Kneber” Botnet, Spear Phishing Attacks and Crimeware

by Nart Villeneuve (Chief Research Officer, SecDev.cyber) Introduction: Targeted attacks, known as “spear phishing,” are increasingly exploiting government and military themes in order to compromise defense contractors in the United States. [1] In 2009, the Washington Post reported that unknown attackers were able to break into a defense contractor and steal documents pertaining to the [...]

Malware Attacks on Solid Oak After Dispute with Greendam

The Malware Lab, of which Nart Villeneuve is a member, posted an analysis of the attacks on Solid Oak which occurred after researchers found significant portions of code from Solid Oak’s Cybersitter in China’s Greendam filtering software. Read the full post here.

Malware Market

There is a market for malware tools, complete with buyers, sellers, and middlemen or “guarantors” that vouch for the seller and his/her product. In fact, there is a “developer ecosystem” around the development of plugins for some of the more popular kits. These tools are effective even if they are simplistic from a technical perspective. It [...]

Russian Malware Bundle

The Malware Lab, of which Nart Villeneuve is a member, blogged about Russian malware that was found in a packet capture file from an infected computer associated with a political figure. Key findings: From the malware connections recorded in the packet capture file we were able to discover malware that bundled a Black Energy bot [...]

“0day”: Civil Society and Cyber Security

The Infowar Monitor, of which SecDev is a partner, has published a briefing that explores cases in which there is some form of relationship between 0day exploits and their use against civil society organizations in an effort to understand the effect of these attacks given the difficult nature of attribution. Summary: Civil society organizations [...]

Targeted Malware Attack on Foreign Correspondents based in China

The Infowar Monitor, of which SecDev is a partner, has published a short briefing detailing targeted malware attacks on foreign correspondents based in China. Key Findings: The content of the email, and the accompanying malicious attachment, are in well-written English and contain accurate information. The email details a reporter’s proposed trip to China to [...]

SecDev & GhostNet

The SecDev Group, along with the Information Warfare Monitor, published “Tracking GhostNet: Investigating a Cyber Espionage Network,” a report released in March 2009 (www.tracking-ghost.net), which made extensive use of Palantir to analyze data obtained through technical and human-based sources. We discovered a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% [...]