Threats & Defenses

0 Comments
Summary Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in July 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique described in the
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in August 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in September 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about the IRON LIBERTY threat group, as well as details about the Karagany and MCMD malware used exclusively by IRON LIBERTY, to supplement the discussion of the man-on-the-side technique described in
0 Comments
Summary The REvil (also known as Sodinokibi) ransomware was first identified on April 17, 2019. It is used by the financially motivated GOLD SOUTHFIELD threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, RDP servers, and backdoored software installers. Secureworks® Counter Threat Unit™ (CTU) analysis suggests that REvil is likely associated with the GandCrab
0 Comments
Summary The activities of some non-governmental organizations (NGOs) challenge governments on politically sensitive issues such as social, humanitarian, and environmental policies. As a result, these organizations are often exposed to increased government-directed threats aimed at monitoring their activities, discrediting their work, or stealing their intellectual property. BRONZE PRESIDENT is a likely People’s Republic of China
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in November 2018. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. In mid-2018, Secureworks® Counter Threat Unit™ (CTU) researchers identified
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in April 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT to increase visibility of the threat group’s activities. Summary BRONZE VINEWOOD (also known as APT31 and ZIRCONIUM) is
0 Comments
The following analysis was compiled and published to Threat Intelligence clients in March 2019. The Secureworks® Counter Threat Unit™ (CTU) research team is publicly sharing insights about BRONZE VINEWOOD and its use of the HanaLoader malware and DropboxAES RAT, to increase visibility of the threat group’s activities. Summary DropboxAES is a simple remote access trojan (RAT) used
0 Comments
Summary In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation