ThreatConnect blog

Read insights, thought leadership, and platform updates.


ThreatConnect Platform

How To Streamline Threat Intel Sharing Before Lunch

We saw recently that GCHQ is poised to create a threat intelligence sharing community between public and private organizations in the UK. We applaud this effort and hope that more organizations follow suit. In May, we launched a European Community of Interest to achieve a similar goal of bringing together public and private organizations. A […]

Threat Research

Piercing the Cow’s Tongue: China Targeting South China Seas Nations

Executive Summary: The term “Cow’s Tongue” is a reference to the Chinese recognized nine-dashed line which demarks a highly contested region also known as the South China Sea (SCS). Between July 2013 and May 2014, the ThreatConnect Research Team identified and shared multiple instances of Chinese Advanced Persistent Threats (APT), targeting numerous Southeast Asian entities, with […]

Threat Research

ThreatConnect Enables “Healthy Networking” for the Biomed and Life Sciences Industry

Have you ever taken the time to consider how you and your colleagues view cyber security? Does your security team share common viewpoints, or are there unique philosophical differences?  Do you all follow the same processes or do you each have your own unique way of doing things? It is these individual perspectives and experiences […]

Threat Research

Heartburn over Heartbleed: Assuming the Worst

Since the disclosure of the CVE-2014-0160 “Heartbleed” vulnerability, the industry has been abuzz with the traditional kneejerk responses that often plague most security teams, and justifiably so; many security practitioners are kissing their weekend goodbye, because this bug is big. The vulnerability has most notably affected the core security of many Web 2.0 consumer services […]

Threat Research

Old Habits Die Hard: Iterative Intelligence & Comment Crew Activity

History is made when the notable details of past events are recorded and others can then learn from and study them. For example, you can go to any library and read about the Civil War. You can read about the many tactical skirmishes and battles. You can also learn about the outcomes of these tactical […]

Threat Research ThreatConnect Platform

Getting “Left of Boom”: How ThreatConnect Enables Proactive Cybersecurity

In the context of the counter improvised explosive device (IED) mission, “left of boom” is what the Washington Post’s Rick Atkinson alluded to when he referenced the moment prior to when an IED explosive is detonated. For anyone who is familiar with the Lockheed Martin Kill Chain model, or has seen the authors present it; […]

Competitive Differentiation ThreatConnect Platform

ThreatConnect Takes Signature Management to the Next Level

In modern enterprises, signature based threat detection capabilities are still considered a fundamental building block in most network defense strategies.  To stay ahead of today’s sophisticated threats, you have to keep your signatures contextually relevant and up-to-date. Unfortunately, this is particularly challenging when the signature management tasks fall on the shoulders of a single individual, […]

Threat Research

The Dollars and “Sense” Behind Threat Intelligence Sharing

Intelligence Sharing: The Dollars and “Sense” Behind It Within the ThreatConnect Research Team, we feel that sharing what we know, whether publicly or privately, helps to grow our organization. We see information sharing as a key investment area, allowing our team to more efficiently save time and money while helping us achieve broader organizational goals. […]

ThreatConnect Platform

Quickly Assess Maliciousness of Suspicious Activity with “Analyze”

Today’s IT security professionals are faced with mounting piles of log files, suspected malicious email attachments, and malware samples that could provide evidence of an attempted intrusion into important networks. The ability to quickly triage these items is vitally important and there is no better way to make a quick assessment than having a large […]

Threat Research

Khaan Quest: Chinese Cyber Espionage Targeting Mongolia

Executive Summary: The ThreatConnect Research Team has identified a weaponized Microsoft Word document that contains a Concept Development Conference (CDC) announcement for the joint US and Mongolia military exercise called Khaan Quest 2014.  Retrospective ThreatConnect Research Team research identified additional decoy documents, written in Mongolian, themed around events like the Mongolian presidential election, held in […]

Threat Research

Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up

UPDATE: Operation Arachnophobia has the latest updates on this intelligence. Summary: The global proliferation of cyber espionage may be serving as a catalyst for regional entities within South Asia to adopt their own cyber espionage capabilities. Irrespective of the threat's sophistication or motivation, South Asian cyber threats are likely emulating behaviors of larger regional powers […]

Threat Research

A Tale of Two Koreas: Keeping Watch over the Digital DMZ

At Cyber Squared, we understand that many targeted, government sponsored or sanctioned attacks can be directly tied to current geopolitical events. Keeping the recent instability of the Korean Peninsula in mind, and the fact that the Chinese Communist Party has a vested interest in Korean affairs, we have kept our eyes and ears ready for […]
