Ryan Sherstobitoff

Ryan Sherstobitoff is a Senior Analyst for Major Campaigns – Advanced Threat Research in McAfee.

Ryan specializes in threat intelligence in the Asia Pacific Region where he conducts cutting edge research into new adversarial techniques and adapts those to better monitor the threat landscape. He formerly was the Chief Corporate Evangelist at Panda Security, where he managed the US strategic response for new and emerging threats. Ryan is widely recognized as a security & cloud computing expert throughout the country.
A wall eight feet high with three strands of barbed wire is considered sufficient to deter a determined intruder, at least according to the advice offered by the CISSP professional certification. Although physical controls can be part of a multifaceted defense, an electronic attack affords the adversary time to develop the necessary tools to bypass ...
Read Blog
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, ...
Read Blog
This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales.  On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra’s Bankshot malware implant surfacing in the Turkish financial ...
Read Blog
This post was written with contributions from Jessica Saavedra-Morales, Thomas Roccia, and Asheer Malhotra.  McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the ...
Read Blog
This blog was written with support and contributions provided by Asheer Maholtra, Jessica Saavedra Morales, and Thomas Roccia. McAfee Advanced Threat Research (ATR) analysts have discovered an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. This new campaign, dubbed HaoBao, resumes Lazarus’ previous phishing emails, posed ...
Read Blog
UPDATE (Feb. 12, 2018): A new variant of the original file-less implant appeared on Feb. 5, 2018, indicating the attack has resumed. The new variant has the same author and metadata as the original documents discovered in December, as well as a nearly identical implant. A key difference, however, is the attackers leveraged hacked servers is ...
Read Blog
McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics. Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”). The primary target of ...
Read Blog
This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first ...
Read Blog