The Anomali Blog: Research posts

The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: Research

Anomali Threat Research April 19, 2021

Primitive Bear (Gamaredon) Targets Ukraine with Timely Themes

Russia-Sponsored Group Employs Apparently Legitimate Documents Aligned to Growing Hostilities Between Russia and Ukraine Authored by: Gage Mele, Yury Polozov, and Tara Gould Key Findings Anomali Threat Research discovered a campaign targeting Ukrainian government officials with malicious files that could be repurposed to target…

Anomali Threat Research March 31, 2021

Bahamut Possibly Responsible for Multi-Stage Infection Chain Campaign

Authored by: Gage Mele, Tara Gould, Winston Marydasan, and Yury Polozov Key Findings Anomali Threat Research discovered cyberthreat actors distributing malicious documents exploiting a vulnerability (CVE-2017-8570) during a multi-stage infection chain to install a Visual Basic (VB) executable on target machines. This exploitation…

Anomali Threat Research February 10, 2021

Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

ScreenConnect Remote Access Tool Utilizing Ministry of Foreign Affairs-Themed EXEs and URLs Authored by: Gage Mele, Winston Marydasan, and Yury Polozov Key Findings Anomali Threat Research identified a campaign targeting government agencies in the United Arab Emirates (UAE) and likely the broader Middle East. We assess with medium…

Anomali Threat Research December 29, 2020

Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack

SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company’s Orion…

Anomali Threat Research December 21, 2020

Anomali Threat Research Warns Consumers: Don’t Use Bitcoin to Buy “Hatched” German Shepherds This Holiday Season

Key Findings In early December 2020, Anomali Threat Research identified a website engaging in fraudulent dog sales, specifically for German Shepherds. The analysis revealed 17 additional websites also engaging in pet fraud activities for birds and cats, as well as one phone number match for a Facebook page car fraud scheme, and…

Anomali Threat Research December 17, 2020

FireEye, SolarWinds Hacks Show that Detection is Key to Solid Defense

Several years back, industry analyst firm Gartner began circulating the idea that almost every major enterprise and government agency was either compromised or would be compromised at some point in time. This week, when we woke up to the news that FireEye and SolarWinds had joined the ranks of the hacked, we learned once again…

Anomali Threat Research June 25, 2020

Unknown China-Based APT Targeting Myanmarese Entities

Authored by: Parthiban Rajendran and Gage Mele Information cutoff date: 6/19/2020 Overview Anomali Threat Research has identified malicious activity targeting entities based in Myanmar (Burma) that appears to have begun in March 2020; this is based on file names and payload compilation times. An unidentified Advanced Persistent…
