An intimate look at APT1, China’s Cyber-Espionage Threat

With good reason, the Mandiant report on Advanced Persistent Threat 1 (APT1) and its reported operator, Chinese PLA Unit 61398 (nicknamed Comment Crew), have been dominating recent news cycles.

A recent New York Times article reported that, “While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote ...

Meet Conrad, a Member of the Umbrella Labs Security Community

The Umbrella Security Labs research team is searching for smart, passionate Internet security experts to join our community. Why join the community? In the most recent Umbrella Security Labs webcast we exposed how our research team is using advanced Big Data mining tactics to classify and categorize websites. The Labs community members are on the front lines of predictive threat research, as they’re able to submit malicious and potentially malicious domains for community review and discussion. The community is made ...

Details on the NBC Attack as exposed by the Umbrella Security Graph

Today several NBC properties were compromised and found to be hosting an attacker toolkit which was designed to infect site visitors by installing the Citadel Trojan Horse.

The three-minute video below details everything we know about the attack. It also shares details on sites that could be related to the attacks, which were uncovered through our predictive threat analysis.

Follow us on Twitter where we’ll be sharing updates on the attack. 

Kelihos is back (with a vengeance) in its third incarnation

The Kelihos botnet is rising from the ashes. Although it was taken down by the combined initiatives of Microsoft and Kaspersky Labs in 2011, and again by Kaspersky Labs and several security firms in 2012, recent research shows that it has emerged again.

The Kelihos botnet is used for information stealing (such as passwords and virtual currency) in addition to serving as a spam bot. It was pointed out by Kaspersky Labs following the second reemergence of Kelihos in 2012 that the botnet ...