<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: cyber-attack

Hostile Domestic Surveillance & Security Automation: A Case Study

Photo Cred: Forbes

 

Last week, I had the pleasure of speaking at Virus Bulletin on the recent news of iPhone (first reported on by Google Project Zero) and Android (first reported on by Volexity) mobile malware being used to target Tibetans (as reported by Citizen Lab) and Uighur Muslims inside and outside the People’s Republic of China. Lots of great research is linked above and you should definitely read it.

Whenever events like these occur, researchers from many organizations are researching pieces of it. If you are interested in Chinese APT attacks against these groups, certainly take a look.

One of the most interesting things to me when looking into these attacks is the sophistication and persistence of the adversary. As vulnerabilities got patched, they reused what pieces they could from their attacks and discovered new vulnerabilities to maintain their ability to action on the surveillance objectives. Some of the tools used indicate relationships to other Chinese APT groups, and certainly these types of attacks could be used against truly foreign adversaries as well.

Read More

Share this:

ThreatSTOP Free Open Source Analysis Tools Series. Part 4: Enrichments & Connecting the Dots

 

Making connections and finding new indicators is an important part of IOC analysis, and is probably the most enjoyable part as well. Blog posts and reports on new threats will usually mention the indicators seen to be used by the specific malware sample or attack vector analyzed, yet in many cases there is a larger malicious infrastructure behind them just waiting to be uncovered (and blocked!). Sometimes, a whole other malicious infrastructure can be revealed by examining IOCs related to malicious IPs and domains. There are a variety of tools out there that can help analysts investigate indicators of compromise and their infrastructure, and perform enrichment to shed light on related, malicious IOCs.

In this post, we will review some of our Security Research Team’s favorite connection and enrichment platforms.

 

Read More

Share this:

ThreatSTOP Free Open Source Analysis Tools Series. Part 2: Threat Exchanges & IOC Sharing

 

The first step in IOC analysis is obtaining the indicators to analyze. Some analysts will opt to stick with one source, and analyze whichever IOCs come their way, while others may search various sources for a specific threat type such as Ransomware, or threat such as Lokibot. Threat exchanges are open and free community platforms for information sharing and collaboration, and are an excellent source for IOCs. Another source for IOC collection which may come off as less intuitive is social media, with Twitter being the best SM platform to find new, relevant IOCs.

In this post, we will describe our Top 5 Free IOC Sources for Analysis.

 

Read More

Share this:

Home Page

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter