Category Archives: dark labs

Cybersecurity researchers identify new variants of APT34 malware

Posted on by

Booz Allen’s Dark Labs Advanced Threat Hunt team has developed an advanced technique to discover and block new variants of malware that poses a threat to organizations worldwide. Using an open source indicator of compromise (IOC), the research team was able to identify three additional variants of malware associated with APT34, a group thought to be involved in nation-state cyber-espionage, according to a technical brief from Booz Allen. The report describes how the team used a combination of open-source reporting and “acquired sources of threat intelligence,” then combined this information with its own tools to perform deep analysis on known APT34 behaviors. “The life cycle of an openly reported IOC does not end when an operator deploys the indicator to a sensor, or a threat hunter checks their security information and event manager (SIEM),” said the report’s authors, Chad Gray and Will Farrell. “Merging the IOC with internal or external […]

The post Cybersecurity researchers identify new variants of APT34 malware appeared first on Cyberscoop.

Continue reading Cybersecurity researchers identify new variants of APT34 malware

How to find and remove advanced persistent adware in your network

Posted on by

A unique form of advanced persistent adware (APA) recently found by the Booz Allen Dark Labs’ Advanced Threat Hunt team is lurking on enterprise networks and can evade traditional forms of cyberdefenses. But a new report, published by the same team, offers methods to hunt and remove the adware in networks. The APA has been classified as an Advanced JavaScript-Based In-Memory Stage 1 Downloader because it is built on JavaScript, runs strictly in memory and functions as the downloader for the second stage of the APA’s attack. The adware is a previously known threat commonly used to inject advertisements into a user’s browser and covertly collect information about the user’s browsing activity. The first-stage loader could then be used to execute an arbitrary code easily repurposed for additional targeted attacks. The APA is unique because it leverages advanced techniques typically only seen in attacks attributed to nation-state advanced persistent threats. […]

The post How to find and remove advanced persistent adware in your network appeared first on Cyberscoop.

Continue reading How to find and remove advanced persistent adware in your network