Arbor Threat Intelligence

Arbor's Security Engineering & Response Team (ASERT) Blog

Lojack Becomes a Double-Agent

Executive Summary: ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose […]


memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations

ASERT Threat Summary: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations
Date/Time: 27022018 2325UTC
Title/Number: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations – February 2018 – v1.4.
Severity: Critical
Distribution: TLP WHITE (see <https://www.us-cert.gov/tlp>)
Categories: Availability
Authors: Roland Dobbins & Steinthor Bjarnason
Contributors: Keshav […]


Musical Chairs Playing Tetris

February 20, 2018: This blog has been amended since it was originally published on February 15, 2018. This version removes the association with the APT group responsible for the Night Dragon campaign that we had incorrectly made. We thank the research team at Palo Alto […]


The ARC of Satori

Authors: Pete Arzamendi, Matt Bing, and Kirk Soluk. Satori, the heir-apparent to the infamous IoT malware Mirai, was discovered by researchers in December 2017. The word “satori” means “enlightenment” or “understanding” in Japanese, but the evolution of the Satori malware has brought anything but clarity. […]
