McAfee Labs

Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide

McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, …

McAfee Labs

Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant

This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales.  On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra’s Bankshot malware implant surfacing in the Turkish financial …

McAfee Labs

McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups

This post was written with contributions from Jessica Saavedra-Morales, Thomas Roccia, and Asheer Malhotra.  McAfee Advanced Threat Research analysts have discovered a new operation targeting humanitarian aid organizations and using North Korean political topics as bait to lure victims into opening malicious Microsoft Word documents. Our analysts have named this Operation Honeybee, based on the …

McAfee Labs

Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems

McAfee Advanced Threat Research (ATR) recently released a report describing a fileless attack targeting organizations involved with the Pyeongchang Olympics. The attack used a PowerShell implant that established a channel to the attacker’s server to gather basic system-level data. What was not determined at that time was what occurred after the attacker gained access to the victim’s system.

McAfee Labs

Malicious Document Targets Pyeongchang Olympics

McAfee Advanced Threat Research analysts have discovered a campaign targeting organizations involved with the Pyeongchang Olympics. Attached in an email was a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”). The primary target of …

McAfee Labs

Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack

This blog post was co-written by Michael Rea. During our monitoring of activities around the APT28 threat group, McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research. This document likely marks the first …