Read insights, thought leadership, and platform updates.

In modern enterprises, signature based threat detection capabilities are still considered a fundamental building block in most network defense strategies.  To stay ahead of today’s sophisticated threats, you have to keep your signatures contextually relevant and up-to-date. Unfortunately, this is particularly challenging when the signature management tasks fall on the shoulders of a single individual, […]

Intelligence Sharing: The Dollars and “Sense” Behind It Within the ThreatConnect Research Team, we feel that sharing what we know, whether publicly or privately, helps to grow our organization. We see information sharing as a key investment area, allowing our team to more efficiently save time and money while helping us achieve broader organizational goals. […]

Today’s IT security professionals are faced with mounting piles of log files, suspected malicious email attachments, and malware samples that could provide evidence of an attempted intrusion into important networks. The ability to quickly triage these items is vitally important and there is no better way to make a quick assessment than having a large […]

Executive Summary: The ThreatConnect Research Team has identified a weaponized Microsoft Word document that contains a Concept Development Conference (CDC) announcement for the joint US and Mongolia military exercise called Khaan Quest 2014.  Retrospective ThreatConnect Research Team research identified additional decoy documents, written in Mongolian, themed around events like the Mongolian presidential election, held in […]

UPDATE: Operation Arachnophobia has the latest updates on this intelligence.  Summary: The global proliferation of cyber espionage may be serving as a catalyst for regional entities within South Asia to adopt their own cyber espionage capabilities. Irrespective of the threats sophistication or motivation, South Asian cyber threats are likely emulating behaviors of larger regional powers […]

At Cyber Squared, we understand that many targeted, government sponsored or sanctioned attacks can be directly tied to current geopolitical events. Keeping the recent instability of the Korean Peninsula in mind, and the fact that the Chinese Communist Party has a vested interest in Korean affairs, we have kept our eyes and ears ready for […]

Today Symantec reported a targeted attack that used the Mandiant APT1 report as bait for a spearphishing attack. Brandon Dixon at 9b+ followed up with the analysis of “Mandiant_APT2_Report.pdf” and identified the command and control infrastructure as itsec.eicp[.]net, reminding us that same infrastructure was also used to target OSX users in the 5 December Contagio posting. […]

On 17 July 2012, researchers at Kaspersky Labs and Seculert identified over 800 victims of a new cyber espionage campaign dubbed “Mahdi”.  As I researched the information that was presented, I began to wonder if this was actually evidence of an Iranian sponsored or sanctioned cyber espionage event. I know, it’s an “out there” theory but when […]

What is Threat Analysis? Learn 5 Ways to Make it Actionable! Lights, Camera, All Quiet on Threats (Set) – Action! – What goes into the creation of your favorite movies? They have a director, editor, post-production effects, actors, and a ton of extras. A lot goes on behind the scenes to make a film possible. […]