AdamM
The Evolution of PINCHY SPIDER from GandCrab to REvil
For years, ransomware was a nuisance that impacted individuals who were unfortunate enough to encounter it via banking trojans, exploit kits or phishing attacks and resulted in a large number of small[…]
Explore the Adversary Universe
Since the beginning of CrowdStrike’s history, we have relentlessly pursued cyber adversaries across the internet, because we knew back when we started the company as we do now, it doesn’t matter wheth[…]
Who is REFINED KITTEN?
Common Aliases: REFINED KITTEN may also be identified by the following pseudonyms: APT33, Elfin, Magnallium, Holmium. REFINED KITTEN’s Origins: REFINED KITTEN is a nation-state-based threat actor whose acti[…]
Ransomware Increases the Back-to-School Blues
As students all over the United States donned their backpacks and packed their lunches to go back to school this year, the all-too-familiar impact of ransomware created confusion and disarray for schoo[…]
Who is Salty Spider (Sality)?
Common Aliases: SALTY SPIDER is most commonly identified with the botnet it maintains (Sality) and its associated pseudonyms: KuKu, SalLoad, Kookoo, SaliCode, Kukacka. SALTY SPIDER’s Origins: SALTY SPIDER is[…]
CrowdStrike Mobile Threat Report Offers Trends and Recommendations for Securing Your Organization
The universal adoption of mobile devices in business environments has created new attack vectors that organizations struggle to address. A new report from CrowdStrike, the “Mobile Threat Landscape Rep[…]
First-Ever Adversary Ranking in 2019 Global Threat Report Highlights the Importance of Speed
The most essential concept in cybersecurity today is speed. Whether you are a defender or an attacker, you have to be faster than your opponent, or get inside of their OODA Loop, as the military strat[…]
Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN
HELIX KITTEN is likely an Iranian-based adversary group, active since at least late 2015, targeting organizations in the aerospace, energy, financial, government, hospitality and telecommunications bu[…]
Meet CrowdStrike’s Adversary of the Month for October: DUNGEON SPIDER
DUNGEON SPIDER is a criminal group operating the ransomware most commonly known as Locky, which has been active since February 2016 and was last observed in late 2017. Locky is a ransomware tool that […]
Meet CrowdStrike’s Adversary of the Month for August: GOBLIN PANDA
CrowdStrike® first observed GOBLIN PANDA activity in September 2013 when indicators of its activity were discovered on the network of a technology company operating in multiple sectors. Malware varian[…]
Meet CrowdStrike’s Adversary of the Month for July: WICKED SPIDER
WICKED SPIDER (PANDA) is a suspected China-based adversary that likely operates as an exploitation group for hire. The use of two cryptonyms for this group exemplifies how this adversary has demonstra[…]
Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA
The June 2018 adversary spotlight is on MUSTANG PANDA, a China-based adversary that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations, as evidenced by its use[…]
Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA
STARDUST CHOLLIMA is a targeted intrusion adversary with a likely nexus to the Democratic People’s Republic of Korea (DPRK). This adversary is typically involved in operations against financial instit[…]
Meet CrowdStrike's Adversary of the Month for February: MUMMY SPIDER
In continuance of our monthly blog post to introduce a new threat actor, February 2018 features a criminally motivated actor we call MUMMY SPIDER. This actor is associated with the malware commonly kn[…]
CrowdStrike's January Adversary of the Month: VOODOO BEAR
For the past several years, CrowdStrike® has published a yearly calendar that includes international holidays, working days of the most prevalent threat actors, and significant geopolitical events. Ev[…]
Software Supply Chain Attacks on the Rise, Undermining Customer Trust
On June 27, 2017, a destructive payload dubbed “NotPetya” by researchers, was deployed covertly using a legitimate software package employed by organizations operating in Ukraine. The attack was perpe[…]
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units
Update - As of March 2017, the estimated losses of D-30 howitzer platform have been amended. According to an update provided by the International Institute for Strategic Studies (IISS) Research Associ[…]
CrowdStrike’s New Methodology for Tracking eCrime
At our inception, CrowdStrike coined the phrase, “You don’t have a malware problem, you have an adversary problem.” Behind every attack -- whether it is the most advanced nation state conducting espio[…]
Cyber Skirmish: Russia v. Turkey
On the morning of 24 November 2015 an F-16 operated by the Turkish Air Force dropped into position behind a Russian Su-24 Fencer and dispatched an air-to-air Sidewinder missile that sliced into the Ru[…]
3 Tips for Operationalizing Cyber Intelligence
In 2014 it became abundantly clear that threat intelligence provides a decisive advantage in protecting your enterprise. Using threat intelligence, savvy security practitioners can reduce the time to […]
Operational threat intelligence with Maltego Transform Hub
“I’m drowning in data, but starving for information.” Ever feel that way? Recently, I heard a CISO use this as a description of his company’s information security posture. Today, enterprises are litte[…]
Adversaries Set Their Sights on Oil and Gas Sector
With high profile breaches in the financial, healthcare and retail sectors making news almost daily, it’s no secret that those industries are in the adversary’s crosshairs. However, while it may get l[…]
Peering Around the Corner
After the better part of a decade chasing adversaries around the Internet, there are a few things I know to be true about targeted intrusion actors operating in the interests of various nation states.[…]
Gameover
On Friday May 30, 2014, an unprecedented botnet disruption was initiated by the United States Department of Justice (DOJ) in coordination with numerous law enforcement and industry partners. This coor[…]
VICEROY TIGER Delivers New Zero-Day Exploit
On November 5, 2013, Microsoft announced that a vulnerability in the Microsoft Graphics Component could allow Remote Code Execution (RCE). This announcement attracted immediate interest from the secur[…]
DNS - The Lifeblood of your Domain
As the situation on the ground in Syria continues to deteriorate, the Syrian Electronic Army (SEA) has made quite a few waves by conducting an attack against the Domain Name System (DNS) infrastructur[…]
Who is Samurai Panda
This week we’re back to our old friends with a Chinese nexus. To recount the last few weeks of our adversary blog posts, we first introduced Anchor Panda, an adversary we attribute to China and associ[…]
Who is Clever Kitten
Over the last several weeks, CrowdStrike has been discussing some of the dozens of adversaries that the CrowdStrike Intelligence team tracks every day. We revealed a Chinese-based adversary we crypt a[…]
Whois Numbered Panda
Last week's Intelligence blog post featured Anchor Panda, one of the many adversary groups that CrowdStrike tracks. The adversary is the human component in an attack that one should focus on. It is no[…]
Who is Anchor Panda
Anchor Panda is an adversary that CrowdStrike has tracked extensively over the last year targeting both civilian and military maritime operations in the green/brown water regions primarily in the area[…]
CrowdStrike Intelligence - Adversary-based Approach
Treating the problem, not the symptoms. Having spent the better part of the last 10 years dealing with various cyber adversaries, it is frustrating to see so many organizations focus on the symptoms of[…]