Author Archives: Security Response Attack Investigation Team

Previously undocumented group hits IT providers in the Middle East. Continue reading Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks→

Symantec’s Targeted Attack Analytics uncovers new attack campaigns in South East Asia. Continue reading Thrip: Ambitious Attacks Against High Level Targets Continue→

Windows zero day was exploited by Buckeye alongside Equation Group tools during 2016 attacks. Exploit and tools continued to be used after Buckeye’s apparent disappearance in 2017. Continue reading Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak→

Cryptojacking campaign we have dubbed Beapy is exploiting the EternalBlue exploit and primarily impacting enterprises in China. Continue reading Beapy: Cryptojacking Worm Hits Enterprises in China→

Although heavily focused on the Middle East, Elfin (aka APT33) has also targeted a range of organizations in the U.S. including a number of major corporations. Continue reading Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.→

Group behind the SingHealth breach is also responsible for a string of other attacks in the region. Continue reading Whitefly: Espionage Group has Singapore in Its Sights→

Organizations in Saudi Arabia and the UAE have been hit in latest attacks that involve new wiper malware Continue reading Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail→

Symantec uncovers tool used by Lazarus to carry out ATM attacks. Continue reading FASTCash: How the Lazarus Group is Emptying Millions from ATMs→

Ransomware group remains highly active in 2018, focussing mainly on organizations in the U.S. Continue reading SamSam: Targeted Ransomware Attacks Continue→

A new attack group is targeting government, military, and defense sectors in what appears to be a classic espionage campaign. Continue reading Gallmaker: New Attack Group Eschews Malware to Live off the Land→