Cyentia Cybersecurity Research Library

Espionage

Below you will find reports with the tag of “Espionage”

Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations

With this common understanding in mind, we have taken a comprehensive look at previously disclosed activity that can now be attributed to the GRU. Numerous governments, security firms, researchers, reporters, academics, and victims have released reports detailing different facets of the GRU’s activities. Our review identified more than 200 cyber incidents, spanning 15 years (2004–2019), targeting governments, the private sector, and members of civil society. These operations have discovered and disclosed secrets, defamed people, disinformed populations, and destroyed or disrupted computerized systems.

Added: April 4, 2020

2020 Global Threat Report

If there’s one thing this year’s Global Threat Report really brings home, it’s that there’s never been a better time to get involved in cybersecurity. The stakes are high, and rising every day. Those that read and share this report are helping to educate themselves and others to better protect themselves and their communities, both at work and at home.

Added: March 29, 2020

Retail and Hospitality Threat Trend Report

This report covers trends in retail and hospitality in 2019. It covers cyber espionage that impacts hospitality, how virtual skimming threat data poses risk to payment card data, and an analysis and comparison of point-of-sale malware companies.

Added: September 18, 2019

Military and Security Developments Involving the People's Republic of China 2019

A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended

Added: May 18, 2019

The Tactics & Tropes of the Internet Research Agency

Upon request by the United States Senate Select Committee on Intelligence (SSCI), New Knowledge reviewed an expansive data set of social media posts and metadata provided to SSCI by Facebook, Twitter, and Alphabet, plus a set of related data from additional platforms. The data sets were provided by the three primary platforms to serve as evidence for an investigation into the Internet Research Agency (IRA) influence operations.

Added: March 26, 2019

Threat Detection Report

An in-depth look at the most prevalent ATT&CK techniques according to Red Canary’s historical detection dataset.

Added: March 26, 2019

Under The Hood Of Cyber Crime

From the report, “In the first installment of the 2019 Security Report ‘CyberAttack Trends Analysis’, we reviewed the latest trends and threats facing the IT security industry today. We assessed the major incidents that impacted organizations over the past year along with our commentary and insights regarding them. These trends fell into the categories of Cryptominers, Ransomware, Malware Methodology, Data Breaches, Mobile and Nation State Cyber Attacks. In this installment we zone in on an underlying trend that lies behind all of the above categories, the democratization of cyber crime.” Read on to find out more.

Added: February 7, 2019

The Rising Threat Of Fileless Malware

From the report, “Threat actors are increasing their use of fileless malware for one simple reason: most organizations aren’t prepared to detect it. Education is the first step in determining what threat these new attacks pose and what IT and security teams can do to detect and stop fileless malware attacks. READ THIS PAPER to understand how fileless malware is quickly evolving to avoid detection, the techniques currently employed to prevent infection and the strategies security teams need to consider when determining how to stop future fileless breaches.”

Added: February 5, 2019

2017 Most Notable Hackers

In 2017 we saw a measurable increase in cyber attacks executed by state-sponsored hacking groups and APTs. The Top 5 Threat Actors highlighted in this report carried out some of the most notable and financially devastating attacks of 2017 and are likely sponsored by nation-states. Cyber-attacks have become, and will continue to be, key elements of twenty-first century political warfare and terrorism. We believe that the use of cyber terror and other state-sponsored attacks will increase in 2018 after its success in 2017.

Added: January 25, 2019

Facing Forward: Cyber Security in 2019 and Beyond

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

Added: January 15, 2019

Operation Shaheen

This report is part of a larger developing series, the aim of which is to apply a different approach to threat intelligence to identify a new threat actor and its previously unknown espionage campaigns; it also aims to link together campaigns that were assumed to be unrelated, or which were falsely attributed to other groups. We call this new project — and threat actor — The White Company in acknowledgement of the many elaborate measures the organization takes to whitewash all signs of its activity and evade attribution. The White Company consists of three reports. The first report tells the story of the overall campaign and presents forensic findings in a manner suitable for a general audience, including analyses of the technical and geopolitical considerations that enable readers to draw conclusions about the threat actors and understand the campaign in context. Two additional technical reports follow: One is focused on The White Company’s exploits, the other on its malware and infrastructure.

Added: December 29, 2018

Patrolling the Dark Net: What You Don't Know Will Hurt You

This e-book provides good insight into understanding cyber crime.

Added: December 5, 2018

KRACK Attack: WPA2 Wi-Fi Vulnerability

This report takes a look at the “Key Reinstallation Attack” vulnerability that works against all modern protected Wi-Fi networks.

Added: December 5, 2018

Bad Rabbit: New Ransomware Wracking havoc

This paper provides information on Bad Rabbit, a new ransomware roving the internet.

Added: December 5, 2018

Cyber Threat Profile: Democratic People's Republic of Korea (DPRK)

This report offers insight into the cyber security landscape of the Democratic People’s Republic of Korea.

Added: November 29, 2018

Cyber Threat Brief: US Recognizes Jerusalem As Capital Of Israel

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

Added: November 29, 2018

Cyber Threat Brief: 2018 Winter Olympics

This report begins with the sentence, “There are a number of influences on the 2018 Winter Olympics event that may increase the likeliness of malicious activity.” Read on to find out more.

Added: November 29, 2018

Cybersecurity Profile: The United States Of America

This report offers insight into the cyber security profile of the United States Of America.

Added: November 29, 2018

The Recent Escalation Between Turkey And The U.S. Provokes Response From Cyber Groups

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson has prompted Turkish patriotic hacktivist groups to target American websites. Historically, the two most prominent hacktivist groups, Aslan Neferler Tim (ANT) and Turk Hack Team (THT), have reacted to political issues impacting Turkey by targeting the perceived adversary with low-level nuisance attacks such as web defacements and Distributed Denial of Service (DDoS) attacks. As the political situation deteriorates, Anomali expects to see an increase in hacktivist-related activity targeting American websites.

Added: November 29, 2018

Economic Impact Of Cybercrime - No Slowing Down

This report takes a deep look at the economics of cybercrime.

Added: November 21, 2018

Magic Hound Campaign Attacks Saudi Targets

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. This appears to be an attack campaign focused on espionage. We were able to collect over fifty samples of the tools used by the Magic Hound campaign using the AutoFocus threat intelligence tool. The earliest malware sample we were able to collect had a compile timestamp in May 2016. The samples themselves ranged from IRC bots, an open source Python remote access tool, malicious macros, and others. It is believed the use of specific tools may have coincided with specific attack waves by this adversary, with the most recent attacks using weaponized Microsoft Office documents with malicious macros. Due to the large amount of data collected, and limitations on attack telemetry, this blog will focus primarily on the most recent attacks occurring in the latter half of 2016.

Added: November 15, 2018
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)