Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-03-08MandiantBen Read, DANIEL LEE, Stephen Eckels
Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
UNC4540
2022-08-04MandiantAlice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
ROADSWEEP
2022-08-04MandiantAlice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2021-12-06MandiantAshraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-16MandiantAlden Wahlstrom, Alice Revelli, Ben Read, David Mainor, Gabriella Roncone, Mandiant Research Team, Sam Riddell
UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Ghostwriter
2021-04-28FireEyeAlden Wahlstrom, Ben Read, David Mainor, Gabby Roncone, Lee Foster, Lindsay Smith, Sam Riddell
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-03-04FireEyeBen Read, Jonathan Leathery, Lindsay Smith
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
UNC2452
2021-01-12BrightTALK (FireEye)Ben Read, John Hultquist
UNC2452: What We Know So Far
Cobalt Strike SUNBURST TEARDROP
2020-12-13FireEyeAlex Berry, Alex Pennino, Alyssa Rahman, Andrew Archer, Andrew Rector, Andrew Thompson, Barry Vengerik, Ben Read, Ben Withnell, Chris DiGiamo, Christopher Glyer, Dan Perez, Dileep Jallepalli, Doug Bienstock, Eric Scales, Evan Reese, Fred House, Glenn Edwards, Ian Ahl, Isif Ibrahima, Jay Smith, John Gorman, John Hultquist, Jon Leathery, Lennard Galang, Marcin Siedlarz, Matt Dunwoody, Matthew McWhirt, Michael Sikorski, Microsoft, Mike Burns, Nalani Fraiser, Nick Bennett, Nick Carr, Nick Hornick, Nick Richard, Nicole Oppenheim, Omer Baig, Ramin Nafisi, Sarah Jones, Scott Runnels, Stephen Eckels, Steve Miller, Steve Stone, William Ballenthin
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-04-22FireEyeBen Read, Gabby Roncone, John Hultquist, Sarah Jones, Scott Henderson
Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
METALJACK
2019-04-16FireEyeBen Read, Chi-en Shen, John Hultquist, Oleg Bondarenko
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
Quasar RAT Vermin
2019-03-04FireEyeBen Read, Fred Plan, Jacqueline O’Leary, Nalani Fraser, Vincent Cannon
APT40: Examining a China-Nexus Espionage Actor
LunchMoney APT40
2019-01-29FireEyeAndrew Thompson, Ben Read, Cristiana Brafman-Kittner, Nalani Fraser, Sanaz Yashar, Sarah Hawley, Yuri Rozhansky
APT39: An Iranian Cyber Espionage Group Focused on Personal Information
APT39
2019-01-10FireEyeBen Read, Muks Hirani, Sarah Jones
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
DNSpionage DNSpionage
2019-01-09MandiantBen Read, Muks Hirani, Sarah Jones
Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
DNSpionage Sea Turtle
2018-07-11FireEyeBen Read, Ben Wilson, Dan Perez, Marcin Siedlarz, Scott Henderson, Steve Miller
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
AIRBREAK APT40
2018-03-13FireEyeBen Read, Dileep Kumar Jallepalli, Sudeep Singh, Yogesh Londhe
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
POWERSTATS MuddyWater
2017-10-26FireEyeBarry Vengerik, Ben Read, Brian Mordosky, Christopher Glyer, Ian Ahl, Matt Williams, Michael Matonis, Nick Carr
BACKSWING - Pulling a BADRABBIT Out of a Hat
EternalPetya
2017-09-12FireEyeBen Read, Genwei Jiang, James T. Bennett
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY,FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
FinFisher RAT BlackOasis
2017-08-11FireEyeBen Read, Lindsay Smith
APT28 Targets Hospitality Sector, Presents Threat to Travelers
Seduploader