Blogs

An analysis of the Shamoon 2 malware attack

Posted by Greg Linares on Feb 7, 2017 11:03:14 AM

Saudi officials recently warned organizations in the kingdom to be on the alert for the Shamoon 2 malware, which cripples computers by wiping their hard disks. In 2012, Shamoon crippled Saudi Aramco and this new variant was reportedly targeted at the Saudi labor ministry as well as several engineering and manufacturing companies.

During a recent analysis, Vectra Networks came across a malicious component that appears to be used in conjunction with spear-phishing-delivered malicious documents.


Topics: cybersecurity, Threat Labs, AI, threat research


The election hackers: Some uncovered points

Posted by Chris Doman on Nov 3, 2016 1:30:00 AM

The group known as Fancy Bear[1], reportedly behind recent attacks against the U.S. Democratic National Committee and U.S. political figures, has been widely discussed. Detailed reports about the group’s operation have been published by Microsoft, ESET, FireEye and Trend Micro.

But some interesting details about these attackers have not been covered, and this blog aims to provide more details and fill in some of the blanks.

This isn’t their first election hack

In 2014, the Ukrainian Election Commission was compromised during the presidential election by pro-Russian hackers calling themselves CyberBerkut. They delayed the counting of votes and posted a false claim on the election commission's website that a right-wing candidate had won the election.


Topics: Targeted Attacks, Malware Attacks, cyber security, Threat Labs


Moonlight – Targeted attacks in the Middle East

Posted by Chris Doman on Oct 26, 2016 1:30:00 AM

Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. We identified over 200 samples of malware generated by the group over the last two years. These attacks are themed around Middle Eastern political issues and the motivation appears to relate to espionage, as opposed to opportunistic or criminal intentions.


Topics: Targeted Attacks, Malware Attacks, cyber security, Threat Labs


Triggering MS16-030 via targeted fuzzing

Posted by Bill Finlayson on Oct 11, 2016 11:05:35 AM

The need to analyze the patch for MS16-030 recently presented itself to us due to some related product research. After the analysis was complete, we realized that the attack surface of the patch was pretty interesting and determined it may be beneficial to share part of the analysis. This post will focus on triggering a patched bug from MS16-030.


Topics: fuzzing, patch analysis, Microsoft, Threat Labs, reverse engineering