Red October – Cyber-espionage Undetected for 5 Years

On January 17, 2013, Kaspersky Labs released "The Red October Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies." The Kaspersky research discloses a massive network of command and control servers which has, over the past five years, infiltrated computers worldwide at governmental, diplomatic and scientific research organizations. Red October gathered information from computer systems, mobile devices and network equipment. Kaspersky details the technical means used to evade detection for 5 years. The creators of this software used many clever techniques to cover their tracks and regain control of systems that had been partially disinfected. What is [...]

2017-01-07T17:35:20-05:00 | January 29th, 2013 | SP Guard, spear phishing

Mission: Impossible

We read about the work of security researchers at Georgia Tech Research Institute (GTRI) with great interest and even greater skepticism. We wholeheartedly concur with this observation of Andrew Howard, a GTRI research scientist who heads up the organization's malware unit: "Organizations can spend millions and millions of dollars to protect their networks, but all it takes is one carefully-crafted email to let someone into it. It's very difficult to put technical controls into place to prevent humans from making a mistake. To keep these attacks out, email users have to do the right thing every single time." The place where we part [...]

2017-05-23T14:44:07-04:00 | January 24th, 2013 | SP Guard, spear phishing

Malware – Life Imitates Art 3

Hawaii Five-O on CBS

The January 14, 2013 episode of the popular CBS cop show Hawaii Five-O offered us more than the great scenery we have come to expect. It offered us three alternative endings. What was the key lead that allowed the team to solve the case? It was the spearphishing email that the perp sent to the victim. In classic APT style, the email contained malware that gave the perp access to the victim's files.

The email evidence

In the West Coast ending, the perp missed one key element of an effective APT -- [...]

2017-01-07T17:35:20-05:00 | January 17th, 2013 | spear phishing

Spearphishing Welcomes the New Year!

On January 3, 2013, Trend Micro published a research paper describing the newly discovered HeartBeat APT campaign. Trend Micro reports that the HeartBeat campaign appears to be targeted at South Korea. The attack is estimated to have started in November of 2009. The HeartBeat campaign targets the following sectors:

- Political parties
- Media outfits
- A national policy research institute
- A military branch of the South Korean armed forces
- A small business sector organization
- Branches of the South Korean government

The attack used a custom RAT (remote access tool). Trend Micro summarizes what the RAT does: "These commands give the attackers complete control over their [...]

2017-01-07T17:35:20-05:00 | January 10th, 2013 | SP Guard, spear phishing