Collaborative Research with FireEye Labs Delivers Comprehensive Analysis and Details of Operation
Cyber Squared Inc., the leading provider of threat intelligence and security technology services including ThreatConnect®, announced that the intelligence teams of ThreatConnect and FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, have uncovered further evidence of a Pakistan-related threat group leveraging targeted malware dubbed BITTERBUG.
The report, titled “Operation Arachnophobia”, consolidates a year’s worth of comprehensive and detailed analysis of BITTERBUG operations first identified by the ThreatConnect Intelligence Research Team (TCIRT). Using collaborative analytics, joint research and threat intelligence sharing between the TCIRT and FireEye Labs, the teams uncovered additional Pakistan-based entities related to the BITTERBUG activity. The analysis and report feature:
- A deep dive into threat actors who are probably affiliated with a commercial Pakistan-based hosting provider who leased command and control infrastructure from within the United States.
- An update to customized malware (BITTERBUG) used by Pakistan-based threat actors that has only been observed hosted on and communicating with two IP addresses operated by a commercial Pakistan-based hosting provider.
- An overview of employees at the Pakistan-based companies, noted within the report, who also appear within each other’s social networks.
“We have always believed that collaboration is an integral part of conducting in-depth aggregation and analysis of threat intelligence,” said Cyber Squared Inc. Chief Intelligence Officer and ThreatConnect Director of Intelligence Research Rich Barger. “Today, our work with FireEye Labs demonstrates that we are indeed stronger together than we are apart and we can achieve a much more comprehensive understanding of today’s threats when we collaborate. Adversaries are masking their exploitation operations behind U.S. infrastructure and targeting U.S. and international victims. These adversaries are purporting to be legitimate organizations and abusing unwitting service providers. We hope that this report will showcase some of the methods that threat actors often use to take advantage of participants and carry out targeted exploitation operations.”
To view a full copy of the Operation Arachnophobia report, please visit: https://threatconnect.com/arachnophobia.
Representatives from Cyber Squared Inc. and FireEye Labs will give a joint presentation on Operation Arachnophobia in Las Vegas during DEF CON on Friday, August 8th at 5:30 PM PDT at THEHotel, adjacent to Mandalay Bay in Cyber Squared’s private hospitality suite. Media inquiries and requests can be sent to email@example.com for admission to the talk.
A webinar featuring Barger and Mike Oppenheim, FireEye Principal Threat Intelligence Analyst, will be hosted on Tuesday, September 24, 2014 at 11:00 AM ET to present and discuss the findings in Operation Arachnophobia. Please register here to join the webinar.
ThreatConnect is the most comprehensive Threat Intelligence Platform on the market today. With ThreatConnect, users can easily aggregate, analyze, and act on all of the threat intelligence data they receive to counter sophisticated cyber attacks.
For more information on ThreatConnect, please visit: www.threatconnect.com. Register for a free account and trial today at https://threatconnect.com/product/product_editions.
About Cyber Squared Inc.
Cyber Squared Inc. is a leading provider of advanced threat intelligence products and services including ThreatConnect®, the most comprehensive Threat Intelligence Platform (TIP) on the market. With a superior understanding of the relevant cyber threats to its clients’ business operations, Cyber Squared determines risk and develops individualized, effective security strategies and processes for risk avoidance. ThreatConnect delivers a single platform in the cloud and on-premises to effectively aggregate, analyze, and act to counter sophisticated cyber attacks. The ThreatConnect TIP can be accessed by visiting www.threatconnect.com. Learn more about Cyber Squared Inc. and our other services at www.cybersquared.com.