Cyentia Cybersecurity Research Library

FireEye

Below you will find reports with the source of “FireEye”

M-Trends 2021

As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Many security teams were forced to suspend wide-ranging analyses around the adoption of remote work policies and instead focus on a supply chain attack from a trusted platform.

Added: April 28, 2022

Cybersecurity Trends 2020

This report aims to reveal top trends that will shape the cybersecurity industry in 2020.

Added: July 30, 2020

M-Trends 2019

Mandiant’s 2019 edition of their threat intel report, focusing on significant trends in attack TTPs over the past calendar year.

Added: May 14, 2020

Double Dragon: APT41, a dual espionage and cyber crime operation

FireEye Threat Intelligence assesses with high confidence that APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control. Activity traces back to 2012 when individual members of APT41 conducted primarily financially motivated operations focused on the video game industry before expanding into likely state-sponsored activity. This is remarkable because explicit financially motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests these two motivations were balanced concurrently from 2014 onward.

Added: April 5, 2020

M-Trends 2020

FireEye has been detecting and responding to cyber attacks every day for over 15 years. The release of M-Trends® 2020 marks 11 years of providing the cyber security community with insights gained from the frontlines of those attacks.

Added: March 1, 2020

2020 Cyber Trendscape report

The goal of this initiative was to identify trends impacting cyber security decisions, the top cyber security priorities for 2020 and beyond, the focus of risk mitigation strategies, and to highlight the overall beliefs and perceptions held by senior executives regarding the state of the cyber threat landscape and how the cyber security industry, governments and regulatory agencies are responding to their needs.

Added: November 25, 2019

Advancing Cyber Risk Management: From Security To Resilience

Since 2017, risk experts have consistently ranked large-scale cyber attacks and data fraud among the top five most likely risks around the world. Despite growing anxieties about cyber threats, cyber resilience strategies and investments continue to lag. Globally, the time taken to discover a data breach has considerably lowered since 2017, but organizations in the Asia-Pacific region took four months longer than the global median. Internet users are growing 10 times faster than global population, exponentially increasing the surface area of attack. For example, in 2018, the total cost of cyber crimes grew by a third compared to 2016, to $600 billion, but investments in cyber security only increased 10 percent over the same period.

Added: July 10, 2019

Facing Forward: Cyber Security in 2019 and Beyond

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

Added: January 15, 2019

FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings

In late February 2017, FireEye as a Service (FaaS) identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. Based on multiple identified overlaps in infrastructure and the use of similar tools, tactics, and procedures (TTPs), we have high confidence that this campaign is associated with the financially motivated threat group tracked by FireEye as FIN7.

Added: November 15, 2018

Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video capture, file transfers, password theft, system administration, traffic relaying, and more.

Added: November 15, 2018

Privileges and Credentials: Phished at the Request of Counsel

In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. APT19 used three different techniques to attempt to compromise targets. In early May, the phishing lures leveraged RTF attachments that exploited the Microsoft Windows vulnerability described in CVE 2017-0199. Toward the end of May, APT19 switched to using macro-enabled Microsoft Excel (XLSM) documents. In the most recent versions, APT19 added an application whitelisting bypass to the XLSM documents. At least one observed phishing lure delivered a Cobalt Strike payload. As of the writing of this blog post, FireEye had not observed post-exploitation activity by the threat actors, so we cannot assess the goal of the campaign. We have previously observed APT19 steal data from law and investment firms for competitive economic purposes. The purpose of this blog post is to inform law firms and investment firms of this phishing campaign and provide technical indicators that their IT personnel can use for proactive hunting and detection.

Added: November 15, 2018

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

This blog post offers insight into the New ICS Attack Framework “Triton”

Added: November 15, 2018

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests.

Added: November 15, 2018

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft Word document where attackers used the arbitrary code injection to download and execute a Visual Basic script that contained PowerShell commands. FireEye shared the details of the vulnerability with Microsoft and has been coordinating public disclosure timed with the release of a patch to address the vulnerability and security guidance, which can be found here.

Added: November 15, 2018

APT29 Domain Fronting With TOR

This blog post takes a look at APT29 Domain Fronting with Tor.

Added: November 15, 2018

Cyber Threats To The Aerospace And Defense Industries

Read about the threat outlook for aerospace and defense sectors as threat groups seek to gain military and economic advantages.

Added: October 26, 2018

Metamorfo Campaigns Targeting Brazilian Users

This blog post takes a look at the Metamorfo campaigns and how they target Brazilian users, specifically to install banking trojans.

Added: October 26, 2018

Cyber Threats To International Organizations And Non-Profits

Gain insights into the nature and rationales of cyber threats international organizations and nonprofits face.

Added: October 25, 2018

M-Trends 2018

In this report they look at incidents that occurred between October 2016 and September 2017.

Added: October 25, 2018

2015 Breach Preparedness and Response Study

In 2013, ISMG and FireEye teamed up to survey security leaders about advanced threats and breach response. Among the findings: Only 20 percent of respondents rated their incident response programs “very effective,” and they were most concerned about their abilities to detect and contain APT/malware quickly and completely.

Added: October 24, 2018

Cyber Espionage Is Alive And Well APT32

This blog post discusses APT32 and its targeting of global corporations for destruction.

Added: October 24, 2018
© Cyentia Institute 2025
Library updated: July 4, 2025 04:08 UTC (build b1d7be4)