2022-01-27 | Recorded Future | John Wetzel
% Recorded Future report (PDF). Family tag printed with it on the page: "WhisperGate".
@techreport{wetzel:20220127:russias:e336cc8,
  author      = {John Wetzel},
  title       = {{Russia’s Biggest Threat Is Its Instability}},
  institution = {Recorded Future},
  date        = {2022-01-27},
  url         = {https://go.recordedfuture.com/hubfs/reports/pov-2022-0127.pdf},
  urldate     = {2022-02-04},
  language    = {English},
}
Russia’s Biggest Threat Is Its Instability
WhisperGate
2022-01-20 | BrightTALK (Mandiant) | John Hultquist, Matthew McWhirt
% Webcast hosted on BrightTALK (Mandiant). No family tag is printed with it on the page.
@online{hultquist:20220120:anticipating:b2d356a,
  author       = {John Hultquist and Matthew McWhirt},
  title        = {{Anticipating and Preparing for Russian Cyber Activity}},
  organization = {BrightTALK (Mandiant)},
  date         = {2022-01-20},
  url          = {https://www.brighttalk.com/webcast/7451/527124},
  urldate      = {2022-02-14},
  language     = {English},
}
Anticipating and Preparing for Russian Cyber Activity
2022-01-20 | Mandiant | John Hultquist
% Mandiant article. No family tag is printed with it on the page.
@online{hultquist:20220120:anticipating:8005282,
  author       = {John Hultquist},
  title        = {{Anticipating Cyber Threats as the Ukraine Crisis Escalates}},
  organization = {Mandiant},
  date         = {2022-01-20},
  url          = {https://www.mandiant.com/resources/ukraine-crisis-cyber-threats},
  urldate      = {2022-01-24},
  language     = {English},
}
Anticipating Cyber Threats as the Ukraine Crisis Escalates
2022-01-04 | The Cyber Security Times | John Greenwood
% News article. Family tag printed with it on the page: "PurpleFox".
@online{greenwood:20220104:purple:98da376,
  author       = {John Greenwood},
  title        = {{Purple Fox malware is actively distributed via Telegram Installers}},
  organization = {The Cyber Security Times},
  date         = {2022-01-04},
  url          = {https://www.thecybersecuritytimes.com/purple-fox-malware-is-actively-distributed-via-telegram-installers/},
  urldate      = {2022-01-06},
  language     = {English},
}
Purple Fox malware is actively distributed via Telegram Installers
PurpleFox
2021-12-16 | CitizenLab | Kristin Berdan, John Scott-Railton, Bill Marczak, Noura Al-Jizawi, Bahr Abdul Razzak, Ron Deibert, Siena Anstis
% CitizenLab report. Family tag printed with it on the page: "Chrysaor".
@online{berdan:20211216:pegasus:c1c06eb,
  author       = {Kristin Berdan and John Scott-Railton and Bill Marczak and Noura Al-Jizawi and Bahr Abdul Razzak and Ron Deibert and Siena Anstis},
  title        = {{Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware}},
  organization = {CitizenLab},
  date         = {2021-12-16},
  url          = {https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/},
  urldate      = {2022-01-24},
  language     = {English},
}
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Chrysaor
2021-12-15 | Mandiant | Matthew McWhirt, John Hultquist
% Mandiant write-up on Log4Shell exploitation and mitigation. No family tag is printed with it on the page.
@online{mcwhirt:20211215:log4shell:9216a09,
  author       = {Matthew McWhirt and John Hultquist},
  title        = {{Log4Shell Initial Exploitation and Mitigation Recommendations}},
  organization = {Mandiant},
  date         = {2021-12-15},
  url          = {https://www.mandiant.com/resources/log4shell-recommendations},
  urldate      = {2021-12-31},
  language     = {English},
}
Log4Shell Initial Exploitation and Mitigation Recommendations
2021-11-10 | Microsoft | John Lambert
% Microsoft security blog post on NOBELIUM. No family tag is printed with it on the page.
@online{lambert:20211110:hunt:8ab9e28,
  author       = {John Lambert},
  title        = {{The hunt for NOBELIUM, the most sophisticated nation-state attack in history}},
  organization = {Microsoft},
  date         = {2021-11-10},
  url          = {https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/},
  urldate      = {2021-11-17},
  language     = {English},
}
The hunt for NOBELIUM, the most sophisticated nation-state attack in history
2021-11-07 | McAfee | John Fokker, Raj Samani
% McAfee blog post on the ransomware-as-a-service landscape. No family tag is printed with it on the page.
@online{fokker:20211107:who:f8f6ef2,
  author       = {John Fokker and Raj Samani},
  title        = {{Who Will Bend the Knee in RaaS Game of Thrones in 2022?}},
  organization = {McAfee},
  date         = {2021-11-07},
  url          = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/who-will-bend-the-knee-in-raas-game-of-thrones-in-2022/},
  urldate      = {2021-11-08},
  language     = {English},
}
Who Will Bend the Knee in RaaS Game of Thrones in 2022?
2021-10-24 | CitizenLab | Bill Marczak, John Scott-Railton, Siena Anstis, Bahr Abdul Razzak, Ron Deibert
% CitizenLab report. Family tag printed with it on the page: "Chrysaor".
@online{marczak:20211024:breaking:26acce3,
  author       = {Bill Marczak and John Scott-Railton and Siena Anstis and Bahr Abdul Razzak and Ron Deibert},
  title        = {{Breaking the News New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts}},
  organization = {CitizenLab},
  date         = {2021-10-24},
  url          = {https://citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/},
  urldate      = {2021-11-02},
  language     = {English},
}
Breaking the News New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts
Chrysaor
2021-09-22 | YouTube (John Hammond) | John Hammond
% YouTube malware-analysis video. Family tag printed with it on the page: "DCRat".
@online{hammond:20210922:snip3:319b687,
  author       = {John Hammond},
  title        = {{Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS}},
  organization = {YouTube (John Hammond)},
  date         = {2021-09-22},
  url          = {https://www.youtube.com/watch?v=ElqmQDySy48},
  urldate      = {2021-09-23},
  language     = {English},
}
Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS
DCRat
2021-09-14 | Fortinet | John Simmons
% Fortinet threat-research post on ProxyShell web shells. No family tag is printed with it on the page.
@online{simmons:20210914:more:f8ade2c,
  author       = {John Simmons},
  title        = {{More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks}},
  organization = {Fortinet},
  date         = {2021-09-14},
  url          = {https://www.fortinet.com/blog/threat-research/more-proxyshell-web-shells-lead-to-zerologon-and-application-impersonation-attacks},
  urldate      = {2021-09-19},
  language     = {English},
}
More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks
2021-09-13 | CitizenLab | Bill Marczak, John Scott-Railton, Bahr Abdul Razzak, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, Ron Deibert
% CitizenLab report; the title carries the identifier CVE-2021-30860. No family tag is printed with it on the page.
@online{marczak:20210913:forcedentry:7427f45,
  author       = {Bill Marczak and John Scott-Railton and Bahr Abdul Razzak and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and Ron Deibert},
  title        = {{FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)}},
  organization = {CitizenLab},
  date         = {2021-09-13},
  url          = {https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/},
  urldate      = {2021-09-14},
  language     = {English},
}
FORCEDENTRY NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860)
2021-09-08 | McAfee | Max Kersten, John Fokker, Thibault Seret
% McAfee blog post. Family tags as printed with it on the page: "Babuk BlackMatter Babuk BlackMatter CTB Locker".
@online{kersten:20210908:how:5c39aac,
  author       = {Max Kersten and John Fokker and Thibault Seret},
  title        = {{How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates}},
  organization = {McAfee},
  date         = {2021-09-08},
  url          = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates/},
  urldate      = {2021-09-12},
  language     = {English},
}
How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates
Babuk BlackMatter Babuk BlackMatter CTB Locker
2021-09-03 | IBM | Camille Singleton, Andrew Gorecki, John Dwyer
% IBM incident-response write-up. Family tags as printed with it on the page: "Valak QakBot REvil".
@online{singleton:20210903:dissecting:4d56786,
  author       = {Camille Singleton and Andrew Gorecki and John Dwyer},
  title        = {{Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight}},
  organization = {IBM},
  date         = {2021-09-03},
  url          = {https://securityintelligence.com/posts/sodinokibi-ransomware-incident-response-intelligence-together/},
  urldate      = {2021-09-09},
  language     = {English},
}
Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight
Valak QakBot REvil
2021-09-03 | FireEye | Adrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram, Alex Pennino, Andrew Rector, Harris Ansari, Yash Gupta
% FireEye threat-research post on ProxyShell. Family tags as printed with it on the page: "CHINACHOPPER HTran".
@online{hernandez:20210903:pst:a8de902,
  author       = {Adrian Sanchez Hernandez and Govand Sinjari and Joshua Goddard and Brendan McKeague and John Wolfram and Alex Pennino and Andrew Rector and Harris Ansari and Yash Gupta},
  title        = {{PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers}},
  organization = {FireEye},
  date         = {2021-09-03},
  url          = {https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html},
  urldate      = {2021-09-06},
  language     = {English},
}
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-08-24 | CitizenLab | Bill Marczak, Ali Abdulemam, Noura Al-Jizawi, Siena Anstis, Kristin Berdan, John Scott-Railton, Ron Deibert
% CitizenLab report. Family tag printed with it on the page: "Chrysaor".
@online{marczak:20210824:from:6363bde,
  author       = {Bill Marczak and Ali Abdulemam and Noura Al-Jizawi and Siena Anstis and Kristin Berdan and John Scott-Railton and Ron Deibert},
  title        = {{From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits}},
  organization = {CitizenLab},
  date         = {2021-08-24},
  url          = {https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/},
  urldate      = {2021-08-24},
  language     = {English},
}
From Pearl to Pegasus Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
Chrysaor
2021-08-19 | Huntress Labs | John Hammond
% Huntress Labs rapid-response post on ProxyShell exposure. No family tag is printed with it on the page.
@online{hammond:20210819:microsoft:a25f571,
  author       = {John Hammond},
  title        = {{Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit}},
  organization = {Huntress Labs},
  date         = {2021-08-19},
  url          = {https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit},
  urldate      = {2021-08-25},
  language     = {English},
}
Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-07-27 | YouTube (SANS Institute) | Katie Nickels, John Hammond
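% SANS Institute video on the Kaseya VSA attack. Family tag printed with it on the page: "REvil".
% The organization is spelled "YouTube" here so it agrees with the other YouTube
% entry in this library (hammond:20210922:snip3:319b687); filtering or grouping
% by organization would otherwise treat "Youtube" and "YouTube" as two sources.
@online{nickels:20210727:sans:7432e9e,
  author       = {Katie Nickels and John Hammond},
  title        = {{SANS Threat Analysis Rundown - Kaseya VSA attack}},
  organization = {YouTube (SANS Institute)},
  date         = {2021-07-27},
  url          = {https://www.youtube.com/watch?v=tZVFMVm5GAk},
  urldate      = {2021-08-02},
  language     = {English},
}
SANS Threat Analysis Rundown - Kaseya VSA attack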
REvil
2021-07-20 | Huntress Labs | John Hammond
% Huntress Labs post on the Kaseya VSA ransomware incident. Family tag printed with it on the page: "REvil".
@online{hammond:20210720:security:50ec27a,
  author       = {John Hammond},
  title        = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}},
  organization = {Huntress Labs},
  date         = {2021-07-20},
  url          = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident},
  urldate      = {2021-07-26},
  language     = {English},
}
Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-19 | Washington Post | John Hudson, Ellen Nakashima
% Washington Post news report; the title carries the actor label APT40.
@online{hudson:20210719:us:37c4208,
  author       = {John Hudson and Ellen Nakashima},
  title        = {{U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)}},
  organization = {Washington Post},
  date         = {2021-07-19},
  url          = {https://www.washingtonpost.com/national-security/microsoft-hack-china-biden-nato/2021/07/19/a90ac7b4-e827-11eb-84a2-d93bc0b50294_story.html},
  urldate      = {2021-07-24},
  language     = {English},
}
U.S., allies accuse China of hacking Microsoft and condoning other cyberattacks (APT40)