Iran’s APT33 Hackers Are Targeting Industrial Control Systems

Threat intelligence firm FireEye has warned since 2017 that APT33 had links to another piece of destructive code known as Shapeshifter. Moran declined to name any of the specific industrial control system, or ICS, companies or products targeted by the APT33 hackers.

Facebook Removes a Fresh Batch of Iran-Linked Fake Accounts

Last August, researchers from the threat intelligence firm FireEye uncovered a vast social media influence campaign, conducted by a network of inauthentic news outlets and fake personas with ties to Iran.

A Peek Into the Toolkit of the Dangerous 'Triton' Hackers

In those investigations, FireEye says it's identified a collection of custom malicious software that the Triton hackers used, tools that allowed the hackers to patiently advance their intrusion as they worked to gain access to the victims' industrial control systems.

A Guide to LockerGoga, the Ransomware Crippling Industrial Firms

LockerGoga, which was named for a file path in its source code by security research group MalwareHunterTeam, remains relatively rare and targeted compared to older forms of ransomware like SamSam and Ryuk, says Charles Carmakal, who leads a team of incident responders at FireEye who have dealt with multiple infestations.

Machine Learning Can Use Tweets To Spot Critical Security Flaws

Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities and then, using their machine-learning-trained algorithm, assesses how much of a threat they represent based on how they're described.

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins

"To do that work from Russia takes a remarkable amount of courage." John Hultquist, FireEye

These are just the latest in an ongoing series of revelations the Insider and Bellingcat have made about the GRU, an agency now believed to be responsible for everything from the Skripal assassination attempt to the hacking and leaking operation targeting US and French elections.

Security News This Week: Did Russia Take Another Shot at Hacking the DNC?

Attribution is a tricky business, and the DNC didn't provide much specific evidence to back up their claims of Russian involvement, but it lines up with a previous wave of Russian spearphishing noted by security firm FireEye last fall.

This one belongs to the Oklahoma Department of Securities, which left millions of files open to public access.

Russian Hackers Haven't Stopped Probing the US Power Grid

But grid hacking comes in less dramatic forms as well, which makes Russia's continued probing of US critical infrastructure all the more alarming. At the CyberwarCon forum in Washington, DC on Wednesday, researchers from threat intelligence firm FireEye noted that while the US grid is relatively well-defended and difficult to hit with a full-scale cyberattack, Russian actors have nonetheless continued to benefit from their ongoing vetting campaign. "There's still a concentrated Russian cyber espionage campaign targeting the bulk of the US electrical grid," says FireEye analyst Alex Orleans.

Russia's Elite Hackers May Have New Phishing Tricks

"It's not uncommon to see them come out with a new variant or a totally new malware family." Palo Alto Networks researchers have only found one sample of the special Cannon-laced malicious document so far, but it was part of a broader APT 28 phishing campaign they observed that focused on government targets in North America, Europe, and a former USSR state that the company declined to name. Meanwhile, investigators at FireEye observed an extensive phishing campaign launched last week that appears to come from APT 29 hackers, also called Cozy Bear.