State of the Hack: Ransom Acts of Flyness

Presented by FireEye FireEye's logo

Christopher and Nick kicked-off the latest episode with recent updates to the MITRE ATT&CK framework, including several techniques that they submitted.

During the episode they discuss Outlook add-in persistence, renamed binaries, and the high-level increase in execution guardrails observed - all of which were added in the May update to ATT&CK. They then spoke about CARBANAK Week; including how FireEye found the CARBANAK source code and the process behind releasing it.

They also give a few new details on FIN7's on-going operations, post-indictment to include the new front company and tactics used in their latest round of phishing. And based on viewer request they chat about the groups that deployed Robbinhood and other targeted ransomware (extortionware) initial infection vectors and lateral movement techniques. They broke down the possible offensive foreign counterintelligence operation (OFCO) that is the new APT34 "leaks" and separate the quality of the information from the stories around why it's being shared. They also quickly spoke on the latest in the trend of U.S. government indictments against Chinese individual operators and their experience leading the investigations behind many of these indictments and how they could be improved. And lastly, they give a threat research blog round-up; including research from FireEye, Chronicle, Kaspersky, and ESET.