Neal Dennis
Author Archives: Neal Dennis
- Home → Author's archive:
Neal Dennis
Additional Insights on Shamoon2
IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with spear phishing and eventually led to the deployment of the disk-wiping malware known as Shamoon. […]Change All Your Passwords, Right Now!
by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one of the largest Content Delivery Networks (CDNs) on the Internet. Many popular Web sites, mobile apps, […]Non-Government Organization in Support of Government Hopes
Red Team analysis is the process of viewing a situation from the perspective of an adversary thus providing insights beyond those that might otherwise be limited by normative biases. This blog provides an assessment of one company’s foray into the popular APT outing trend in […]Non-Government Organization in Support of Government Hopes
Red Team analysis is the process of viewing a situation from the perspective of an adversary thus providing insights beyond those that might otherwise be limited by normative biases. This blog provides an assessment of one company’s foray into the popular APT outing trend in the context of China’s cyber buildup and what that could […]Espionage, Spying and Big Corporate Data, These Are a Few of China’s Favorite Things
ASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn regarding the motivation behind this and other recent attacks.
The Compromises
For those keeping score, the United States Office of Personnel Management (OPM), Anthem, Premera, and Carefirst Blue Cross all reported large data breaches, seemingly perpetrated by the same possible Chinese state-sponsored threat actors [1]. Research into the OPM breach provided information leading investigators to believe the same group of threat actors also compromised additional companies [2]. These investigators released IOC’s that United Airlines used to detect their own data breach in late May/early June of 2015. The data stolen reportedly included passenger manifests containing travel information and basic demographics about travelers. Additionally, according to Bloomberg, one of the individuals familiar with the case indicated information regarding United’s corporate merger and acquisition strategy was also possibly compromised.
Considering the context discussed so far, let’s highlight the current train of thought amongst many in the security Continue reading