We at ThreatConnect are proud to be part of an industry-led Coordinated Malware Eradication (CME) initiative known as Operation SMN. The collaborative effort has targeted specific malicious capabilities used by what is largely suspected to be a Chinese Advanced Persistent Threat (APT) espionage group that has been operating since at least 2010. Operation SMN is led by Novetta, and supported by a coalition of notable industry partners including Cisco, FireEye, F-Secure, iSight Partners, Microsoft, Symantec, Tenable, ThreatTrack and Volexity.
From inception, the intent of Operation SMN has aligned with core principles of ThreatConnect - to aggregate, analyze and act on threat intelligence. In our eyes, Operation SMN serves as a historic inflection point in which the industry proactively demonstrated how private sector organizations can collectively share threat intelligence regarding a common threat actor and quickly put it into action.
Operation SMN evolves upon the industry standard of individual participants aggregating knowledge and producing the research. Thus, demonstrating how the industry can further itself by jointly collaborating, planning and operationalizing shared intelligence, acting as one, to disrupt and mitigate an advanced threat actor.
For more details visit the following blogs of the Operation SMN members:
- Cisco's Blog
- F-Secure's Blog
- Microsoft's Blog
- Novetta's Blog
- Symantec's Blog
- ThreatTrack Security's Blog
ThreatConnect applauds the work of all of our partners in Operation SMN and looks forward to future opportunities to work with them and others within the security industry who wish to collaborate and act on shared threat intelligence. As additional information regarding this threat becomes available the ThreatConnect Research Team will be sharing any publicly available details and signatures associated with this threat within the ThreatConnect Common Community. Look for a full report to come later this month. Register for a FREE community account on ThreatConnect for access to our Common Community, or upgrade to our Team or Enterprise versions for access to additional premium data and capabilities, including our API.
There are more signatures to come, but ThreatConnect is sharing what is available now within our Common Community - accessible with a free account.