The Anomali Blog: Research posts

The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: Research

Anomali Threat Research, December 29, 2020

Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack

SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company’s Orion…

Anomali Threat Research, December 21, 2020

Anomali Threat Research Warns Consumers: Don’t Use Bitcoin to Buy “Hatched” German Shepherds This Holiday Season

Key Findings: In early December 2020, Anomali Threat Research identified a website engaging in fraudulent dog sales, specifically for German Shepherds. The analysis revealed 17 additional websites also engaging in pet fraud activities for birds and cats, as well as one phone number match for a Facebook page car fraud scheme, and…

Anomali Threat Research, December 17, 2020

FireEye, SolarWinds Hacks Show that Detection is Key to Solid Defense

Several years back, industry analyst firm Gartner began circulating the idea that almost every major enterprise and government agency was either compromised or would be compromised at some point in time. This week, when we woke up to the news that FireEye and SolarWinds had joined the ranks of the hacked, we learned once again…

Anomali Threat Research, June 25, 2020

Unknown China-Based APT Targeting Myanmarese Entities

Authored by: Parthiban Rajendran and Gage Mele. Information cutoff date: 6/19/2020. Overview: Anomali Threat Research has identified malicious activity targeting entities based in Myanmar (Burma) that appears to have begun in March 2020; this is based on file names and payload compilation times. An unidentified Advanced Persistent…

Anomali Threat Research, June 10, 2020

Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal Data

Authored by: Tara Gould, Gage Mele, Parthiban Rajendran, and Rory Gould. Overview: Threat actors are distributing fake Android applications themed around official government COVID-19 contact tracing apps. Anomali Threat Research (ATR) identified multiple applications that contain malware, primarily Anubis and SpyNote, and other…

Anomali Threat Research, April 30, 2020

Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center

Authored by: Sara Moore, Joakim Kennedy, Parthiban R, and Rory Gould. The Anomali Threat Research Team detected a spear phishing email targeting government employees in the Municipality of Da Nang, Vietnam. The email contained a malicious Microsoft Excel document which drops a malicious Dynamic-Link Library (DLL) providing the actor…

Winston Marydasan & Gage Mele, April 9, 2020

COVID-19 Themed HawkEye Phishing Campaign Targets Healthcare Sector: Dissection of the MalDoc and the Two-Way Approach

Overview: Threat actors continue to utilize COVID-19-themed lures to distribute malware as the world responds to the Coronavirus pandemic. Anomali researchers have identified a phishing campaign that is distributing HawkEye malware via Rich Text Format (RTF) documents. This campaign is interesting because HawkEye is a commodity…
