Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-25MandiantKen Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
@online{proska:20230525:cosmicenergy:bb4b9a9, author = {Ken Proska and Daniel Kapellmann Zafra and Keith Lunden and Corey Hildebrandt and Rushikesh Nandedkar and Nathan Brubaker}, title = {{COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises}}, date = {2023-05-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response}, language = {English}, urldate = {2023-05-26} } COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
LIGHTWORK PIEHOP
2023-03-22MandiantDaniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker
@online{zafra:20230322:we:7fad55c, author = {Daniel Kapellmann Zafra and Keith Lunden and Nathan Brubaker}, title = {{We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems}}, date = {2023-03-22}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems}, language = {English}, urldate = {2023-04-22} } We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems
2022-04-25MandiantDaniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@online{zafra:20220425:industroyerv2:5548d98, author = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker}, title = {{INDUSTROYER.V2: Old Malware Learns New Tricks}}, date = {2022-04-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks}, language = {English}, urldate = {2022-04-29} } INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-13MandiantNathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell
@online{brubaker:20220413:incontroller:0f05d07, author = {Nathan Brubaker and Keith Lunden and Ken Proska and Muhammad Umair and Daniel Kapellmann Zafra and Corey Hildebrandt and Rob Caldwell}, title = {{INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems}}, date = {2022-04-13}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool}, language = {English}, urldate = {2022-04-15} } INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-01-31MandiantDaniel Kapellmann Zafra, Corey Hidelbrandt, Nathan Brubaker, Keith Lunden
@online{zafra:20220131:1:e0f6f31, author = {Daniel Kapellmann Zafra and Corey Hidelbrandt and Nathan Brubaker and Keith Lunden}, title = {{1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information}}, date = {2022-01-31}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/ransomware-extortion-ot-docs}, language = {English}, urldate = {2022-02-02} } 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
2021-10-27MandiantKen Proska, Corey Hildebrandt, Daniel Kapellmann Zafra, Nathan Brubaker
@online{proska:20211027:portable:437b9c1, author = {Ken Proska and Corey Hildebrandt and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Portable Executable File Infecting Malware Is Increasingly Found in OT Networks}}, date = {2021-10-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/pe-file-infecting-malware-ot}, language = {English}, urldate = {2021-11-08} } Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-05-25FireEyeKeith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker
@online{lunden:20210525:crimes:6597645, author = {Keith Lunden and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises}}, date = {2021-05-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html}, language = {English}, urldate = {2021-06-16} } Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2020-07-15MandiantNathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555, author = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt}, title = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}}, date = {2020-07-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot}, language = {English}, urldate = {2022-07-28} } Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake
2017-12-14FireEyeBlake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer
@online{johnson:20171214:attackers:6b0be76, author = {Blake Johnson and Dan Caban and Marina Krotofil and Dan Scali and Nathan Brubaker and Christopher Glyer}, title = {{Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure}}, date = {2017-12-14}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html}, language = {English}, urldate = {2019-12-20} } Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure
Triton TEMP.Veles