Discover and read the best of Twitter Threads about #APT41

Most recent (5)

I’m going to be live tweeting the #FireEyeSummit technical track chaired by @stvemillertime
First up is @HoldSecurity discussing how to harvest information from botnets

#FireEyeSummit
@HoldSecurity Harvests information periodically from various botnet information panels (that give them view into the size and systems in the botnet).

Fun fact - Gozi botnet has so many systems connected all queries on the information panel time out

#FireEyeSummit
Just finished an excellent conversation. There is a myth being perpetuated that once a capability is published, its value is nullified. The evidence suggests otherwise. That goes for public release of tools AND custom APT capabilities. It is actor dependent.
We see multiple threat actors get attributed, and their capabilities "burned" in public view, and they keep going. Our most recent example is #APT41. However, this has been the norm. Sure, some roll implants upon "compromise." However, we shouldn't pretend that's default anymore.
Publishing on a capability is not the same as countering that capability. You have to actually thwart its use to drive an actor to invest in additional capabilities. This is precisely why public tooling on a grand scale facilitates state and criminal objectives. They're free.
#StateOfTheHack: #APT41 - Double Dragon: The Spy Who Fragged Me pscp.tv/w/cCRRwTFWR1F2…
Get your copy of our #APT41 here. feye.io/apt41report
Don't worry podcast fans! This episode is available on #iTunes, #Spotify, and #GooglePlay. Follow the thread for direct links.
We're doing a special #StateOfTheHack episode this week with two of the technical experts who worked for months to graduate the activity clusters into #APT41. I'm sure @cglyer will pepper in #DFIR war stories.

If you've read the report (below),
what QUESTIONS do you still have?
I plan to go deeper on #APT41's:
1️⃣ Supply chain compromises (and nuanced attrib)
2️⃣ Linux & Windows MBR bootkits and how they were found 😉
3️⃣ Third party access 🌶️
4️⃣ Legitimate web services use (and their obsession with Steam)
+concurrent ops, overlaps!
content.fireeye.com/apt-41/rpt-apt…
@FireEye 📺 #StateOfTheHack Stream
"Double Dragon: The Spy Who Fragged Me" 🎮
#APT41 with Jackie, Ray, and @cglyer
pscp.tv/FireEye/1vAGRW…
The #APT41 report is out today. Years of work went into tracking this group. My predecessors should be proud of the hard work they did, and the team is proud to finally make this a thing. fireeye.com/blog/threat-re…
For those who have since left the club, this is UNC78. I know that means something to you former @Mandiant responders out there. In keeping with the traditions you set with APT1, we will continue to oppose unacceptable pillaging originating from China.
@Mandiant One of the most enjoyable moments I've had since working here was watching our #ManagedDefense roll on #APT41 during an intrusion into one of our clients. It was a short intrusion, but watching the rapid response supported by actionable technical intelligence was something.