News & Insights

Topic: Threat Intelligence

Sinkholing Magecart digital credit card skimmers from compromised e-commerce sites

November 13, 2018
RiskIQ/Flashpoint whitepaper released detailing the inner workings of Magecart's digital credit card skimming e-commerce site injection operations. Sinkhole data is available from Shadowserver.

The Italian Connection: An analysis of exploit supply chains and digital quartermasters

August 10, 2015
On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications.

Displaying Shadowserver Data with Maltego

July 24, 2013
One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

Breaking the Kill Chain with Log Analysis

May 6, 2013
At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

Comment Group Cyber Espionage: Additional Information & Clarification

February 22, 2013
A cyber espionage threat group, frequently known as the Comment Group, has received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.

Cyber Espionage & Strategic Web Compromises - Trusted Websites Serving Dangerous Results

May 15, 2012
In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all.

Beware of what you download. Recent purported CEIEC document dump booby-trapped.

April 16, 2012
In recent weeks thousands of documents have been released online by a hacktivist going by the online moniker of "Hardcore Charlie." These documents appear to have potentially been sourced and possibly stolen from various businesses and governments in different countries including the United States, the Philippines, Myanmar, Vietnam, and others.