Blackhat USA 2012 – Pushing Past Intrusion Tolerance, Cutting Edge Research

The Blackhat 2012 keynote opened the event with Shawn Henry, former Executive Assistant Director of the FBI, painting a grim, seemingly unspeakable picture of cyberespionage in the US. It was telling that he repeatedly stressed the gravity of the situation and the need to apply what he learned at the FBI to protecting digital assets, yet could not describe a single concrete example. At the same time, he claimed that, short of a weapon of mass destruction, cyber threats are the single biggest problem facing this nation. This inability to convey concrete details during the keynote highlights part of the difficulty in understanding the cyber problem itself: the overclassification of computer network exploitation (CNE) incidents, and a tangled set of dynamics that suppress the sharing and exchange of breach data for a problem of this scale.

The Madi Campaign – Part II

The Madi infrastructure performs its surveillance operations and communications with an equally simple implementation. Five command and control (C2) web servers are currently up, each running the Microsoft IIS 7.0 web server with Microsoft Terminal Services exposed for RDP access, and all maintaining identical copies of the server manager software. These servers also serve as the drops for stolen data. The stolen data appears to be poorly organized on the server side, requiring multiple operators to log in and sift through the data for each of the compromised systems they manage over time. This post explores the Madi infrastructure, communications, data collection, and victims.

The Madi Campaign – Part I

For almost a year, an ongoing campaign to infiltrate computer systems throughout the Middle East has targeted individuals in Iran, Israel, Afghanistan and elsewhere, with further victims scattered across the globe. Together with our partner, Seculert, we have thoroughly investigated this operation and named it the "Madi Campaign", based on certain strings and handles used by the attackers.