The AlienVault Blogs: Taking On Today’s Threats

Category: APT

Posted in Labs Blog

Last week, our friends from Norman published a great report on a cyber espionage campaign named Operation Hangover. We have released some Yara rules to detect most of the payloads mentioned in the paper. You can download the rules from our GitHub space: On the other hand, the Hangover attackers have been using several payloads with network capabilities to steal… Read more

Posted in: News, Attacks, Malware, Exploits, Snort, APT
Tags: malware, apt, hangover

Posted in Labs Blog

A few days ago we reported a new watering hole campaign affecting a U.S. Department of Labor website. In our first analysis we reported that the exploited vulnerability was CVE-2012-4792. Further analysis showed that the vulnerability exploited wasn’t CVE-2012-4792 but a new zero-day vulnerability affecting Internet Explorer 8 (CVE-2013-1347). It was confirmed by Microsoft that released… Read more

Posted in: Attacks, Malware, Exploits, Advisory, APT
Tags: cve-2013-1347

Posted in Labs Blog

During the last few hours we have identified that one of the U.S. Department of Labor websites has been hacked and is serving malicious code. Clarification: The website affected is the Department of Labor (DOL) Site Exposure Matrices (SEM) Website. “The Department of Labor (DOL) Site Exposure Matrices (SEM) Website is a repository… Read more

Posted in: Attacks, Exploits, APT
Tags: deep panda, cve-2012-4792

Posted in Labs Blog

Summary: During the last few years, we have been publishing about a group of hackers who have focused on targeting DIB (Defence Industrial Base) and other government organizations: - Another Sykipot sample likely targeting US federal agencies - Are the Sykipot’s authors obsessed with next generation US drones? - Sykipot variant hijacks DOD and Windows smart cards -… Read more

Posted in: News, Attacks, Malware, Exploits, Snort, APT
Tags: sykipot, cve-2013-0640, cve-2012-1889, cve-2012-4969, cve-2012-1723

Posted in Labs Blog

Last month Adobe released a fix to patch a vulnerability that was being exploited in the wild. Kaspersky found that the 0day was being used by a very sophisticated group to target different governments using a malware called MiniDuke. AlienVault Labs has detected that a different group of attackers has been using this vulnerability to target non-governmental and human rights… Read more

Posted in: News, Attacks, Malware, Exploits, Snort, IP Reputation, APT
Tags: apt, tibet, cve-2013-0640, ynk japan, uyghur