Review of Cyberattacks from US Intelligence Agencies
Common Information
| Type | Value |
|---|---|
| UUID | 5216bf24-f683-44c3-b690-ac2d88520eb0 |
| Fingerprint | d54586e257f3cf2c25d94cacd0f5decc0b5ff96be9d079ec0be9e246ee4b7a3b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 11, 2023, 4:03 p.m. |
| Added to db | April 14, 2024, 8:15 a.m. |
| Last updated | Aug. 31, 2024, 9:21 a.m. |
| Headline | Review of Cyberattacks from US Intelligence Agencies |
| Title | Review of Cyberattacks from US Intelligence Agencies |
| Detected Hints/Tags/Attributes | 348/3/247 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 67 | cve-2019-18935 |
|
| Details | Domain | 3 | community.broadcom.com |
|
| Details | Domain | 5 | docs.broadcom.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 20 | www.antiy.cn |
|
| Details | Domain | 21 | foreignpolicy.com |
|
| Details | Domain | 7 | www.langner.com |
|
| Details | Domain | 30 | blog.csdn.net |
|
| Details | Domain | 5 | www.yumpu.com |
|
| Details | Domain | 84 | www.forbes.com |
|
| Details | Domain | 2 | antiy.cn |
|
| Details | Domain | 34 | msrc-blog.microsoft.com |
|
| Details | Domain | 17 | www.crysys.hu |
|
| Details | Domain | 14 | www.antiy.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 122 | www.kaspersky.com |
|
| Details | Domain | 15 | media.kasperskycontenthub.com |
|
| Details | Domain | 83 | www.theguardian.com |
|
| Details | Domain | 57 | www.theregister.com |
|
| Details | Domain | 16 | www.spiegel.de |
|
| Details | Domain | 208 | mp.weixin.qq.com |
|
| Details | Domain | 4 | propublica.org |
|
| Details | Domain | 177 | www.wired.com |
|
| Details | Domain | 2 | rump2007.cr.yp.to |
|
| Details | Domain | 124 | www.nytimes.com |
|
| Details | Domain | 2 | www.cs.auckland.ac.nz |
|
| Details | Domain | 6 | blog.cryptographyengineering.com |
|
| Details | Domain | 2 | blog.0xbadc0de.be |
|
| Details | Domain | 113 | www.usenix.org |
|
| Details | Domain | 123 | www.reuters.com |
|
| Details | Domain | 2 | pure.tue.nl |
|
| Details | Domain | 13 | theintercept.com |
|
| Details | Domain | 6 | cysinfo.com |
|
| Details | Domain | 6 | www.pangulab.cn |
|
| Details | Domain | 2 | www.cybersecurity-review.com |
|
| Details | Domain | 10 | news.ycombinator.com |
|
| Details | Domain | 17 | www.xinhuanet.com |
|
| Details | Domain | 3 | www.cnvd.org.cn |
|
| Details | Domain | 2 | xjca.miit.gov.cn |
|
| Details | Domain | 12 | www.360.cn |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 6 | edwardsnowden.com |
|
| Details | Domain | 18 | www.rt.com |
|
| Details | Domain | 9 | news.xinhuanet.com |
|
| Details | Domain | 2 | security.zhiding.cn |
|
| Details | Domain | 2 | www.aqniu.com |
|
| Details | Domain | 60 | documents.trendmicro.com |
|
| Details | Domain | 141 | research.checkpoint.com |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 6 | www.cverc.org.cn |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 6 | baijiahao.baidu.com |
|
| Details | Domain | 222 | www.blackhat.com |
|
| Details | Domain | 2 | cisac.fsi.stanford.edu |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 2 | jia.sipa.columia.edu |
|
| Details | Domain | 35 | blackhat.com |
|
| Details | Domain | 2 | 2017-2021.commerce.gov |
|
| Details | Domain | 5 | www.defense.gov |
|
| Details | Domain | 61 | www.netscout.com |
|
| Details | Domain | 18 | www.uscc.gov |
|
| Details | Domain | 2 | www.crn.com.au |
|
| Details | Domain | 20 | cybersecurityventures.com |
|
| Details | File | 4 | rootkit.tmp |
|
| Details | File | 6 | 404.html |
|
| Details | File | 2 | 20100927.html |
|
| Details | File | 2 | 20101011.html |
|
| Details | File | 2 | 20120117.html |
|
| Details | File | 32 | blog.cs |
|
| Details | File | 2 | 261.html |
|
| Details | File | 2 | 20120531.html |
|
| Details | File | 5 | skywiper.pdf |
|
| Details | File | 4 | 20190930.html |
|
| Details | File | 2 | pionage_actor_returns.pdf |
|
| Details | File | 48 | www.spi |
|
| Details | File | 2 | 105358.html |
|
| Details | File | 2 | 201307.pdf |
|
| Details | File | 2 | 15-shumow.pdf |
|
| Details | File | 2 | nsa-foils-much-internet-encryption.html |
|
| Details | File | 252 | www.cs |
|
| Details | File | 2 | crypto_wont_help.pdf |
|
| Details | File | 3 | on-nsa.html |
|
| Details | File | 2 | sec14-paper-checkoway.pdf |
|
| Details | File | 2 | 588733604251427.pdf |
|
| Details | File | 2 | shadow_release_updated.pdf |
|
| Details | File | 5 | equation_group_questions_and_answers.pdf |
|
| Details | File | 4 | equation_antiy_report.html |
|
| Details | File | 2 | chniques.html |
|
| Details | File | 4 | equations.html |
|
| Details | File | 4 | equation_drug.html |
|
| Details | File | 2 | c_1120966771.htm |
|
| Details | File | 2 | art_f77d00b8fb7e4d808f551e0179b9141a.html |
|
| Details | File | 2 | 725.html |
|
| Details | File | 3 | antiy_wannacry_nsa.html |
|
| Details | File | 6 | wannacry.html |
|
| Details | File | 2 | 10169.html |
|
| Details | File | 2 | apt-tocs.html |
|
| Details | File | 2 | 20150929-isc.pdf |
|
| Details | File | 2 | c_128246851.htm |
|
| Details | File | 2 | project-camberdada.pdf |
|
| Details | File | 2 | c_1115727217.htm |
|
| Details | File | 2 | 20150625.html |
|
| Details | File | 2 | 8284.html |
|
| Details | File | 3 | clocksvc.exe |
|
| Details | File | 2 | from-the-shadow-brokers-leak.pdf |
|
| Details | File | 2 | news20220314-nopen.htm |
|
| Details | File | 2 | 20190601.html |
|
| Details | File | 2 | 07212014-a-schedule-update.html |
|
| Details | File | 3 | guerrero-saade-raiu-vb2017.pdf |
|
| Details | File | 2 | healey%20vep.pdf |
|
| Details | File | 2 | 20200304.html |
|
| Details | File | 2 | nsa.pdf |
|
| Details | File | 2 | dozen-chinese-companies-ties-wmd-and.html |
|
| Details | File | 2 | february_17_2022_hearing_transcript.pdf |
|
| Details | Threat Actor Identifier - APT-C | 7 | APT-C-40 |
|
| Details | Threat Actor Identifier - APT-C | 2 | APT-C-406 |
|
| Details | Threat Actor Identifier - APT-C | 9 | APT-C-39 |
|
| Details | Url | 2 | https://community.broadcom.com/symantecenterprise/communities/community- |
|
| Details | Url | 2 | https://docs.broadcom.com/doc/stuxnet-missing-link-13-en |
|
| Details | Url | 2 | https://docs.broadcom.com/doc/security-response-w32-stuxnet-dossier-11-en |
|
| Details | Url | 2 | https://community.broadcom.com/symantecenterprise/viewdocument/stuxnet-a- |
|
| Details | Url | 3 | https://securelist.com/stuxnet-zero-victims/67483 |
|
| Details | Url | 2 | https://www.antiy.cn/market/meeting/404.html |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice&report/research_report/20100927.html |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice&report/research_report/20101011.html |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice&report/research_report/20120117.html |
|
| Details | Url | 2 | https://foreignpolicy.com/2013/11/19/stuxnets-secret-twin |
|
| Details | Url | 2 | https://www.langner.com/to-kill-a-centrifuge |
|
| Details | Url | 2 | https://blog.csdn.net/weixin_34403693/article/details/90540185 |
|
| Details | Url | 2 | https://www.yumpu.com/en/document/view/17515556/duqu-a-stuxnet-like-malware-found-in- |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-part-one/31177 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-part-two/31445 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-part-three/31486 |
|
| Details | Url | 1 | https://securelist.com/the-mystery-of-duqu-part-five-6/31208 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-part-six-the-command-and-control-servers-36/31863 |
|
| Details | Url | 2 | https://securelist.com/stuxnetduqu-the-evolution-of-drivers/36462 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-the-duqu-framework-6/32086 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-framework-solved-7/32354 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-part-ten/32668 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor- |
|
| Details | Url | 2 | https://www.forbes.com/sites/eugenekaspersky/2015/06/10/why-hacking-us-was-a-silly-thing-to- |
|
| Details | Url | 2 | https://antiy.cn/research/notice&report/research_report/261.html |
|
| Details | Url | 1 | https://securelist.com/the-flame-questions-and-answers/34344 |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice&report/research_report/20120531.html |
|
| Details | Url | 1 | https://msrc-blog.microsoft.com/2012/06/06/flame-malware-collision-attack-explained |
|
| Details | Url | 1 | https://www.crysys.hu/publications/files/skywiper.pdf |
|
| Details | Url | 2 | https://securelist.com/gauss-nation-state-cyber-surveillance-meets-banking-trojan-54/33854 |
|
| Details | Url | 4 | https://www.antiy.com/response/20190930.html |
|
| Details | Url | 2 | https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/90/duqu-uses-stuxnetlike- |
|
| Details | Url | 1 | https://securelist.com/the-roof-is-on-fire-tackling-flames-cc-servers/33033 |
|
| Details | Url | 1 | https://securelist.com/gadget-in-the-middle-flame-malware-spreading-vector-identified/33081 |
|
| Details | Url | 1 | https://securelist.com/flame-replication-via-windows-update-mitm-proxy-server/33002 |
|
| Details | Url | 2 | https://securelist.com/back-to-stuxnet-the-missing-link/33174 |
|
| Details | Url | 2 | https://securelist.com/the-day-the-stuxnet-died/33206 |
|
| Details | Url | 2 | https://securelist.com/gauss-abnormal-distribution/36620 |
|
| Details | Url | 2 | https://securelist.com/the-mystery-of-the-encrypted-gauss-payload-5/33561 |
|
| Details | Url | 2 | https://securelist.com/what-was-that-wiper-thing-48/34088 |
|
| Details | Url | 1 | https://securelist.com/full-analysis-of-flames-command-control-servers/34216 |
|
| Details | Url | 2 | https://www.kaspersky.com/about/press-releases/2015_duqu-is-back-kaspersky-lab-reveals- |
|
| Details | Url | 7 | https://media.kasperskycontenthub.com/wp- |
|
| Details | Url | 2 | https://securelist.com/the-duqu-2-0-persistence-module/70641 |
|
| Details | Url | 2 | https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order |
|
| Details | Url | 2 | https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity |
|
| Details | Url | 2 | https://www.theregister.com/2014/06/05/how_the_interenet_was_broken |
|
| Details | Url | 1 | https://www.spiegel.de/fotostrecke/qfire-die-vorwaertsverteidigng-der-nsa-fotostrecke- |
|
| Details | Url | 2 | https://www.antiy.cn/doc/market/201307.pdf |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/pnayxz9snk6fv_lgcfszdw |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/jhjzky8xiaeuochzbwjfsa |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/lzf16fchfv1fmg3iexq7xa |
|
| Details | Url | 2 | https://www.wired.com/1999/09/ms-denies-windows-spy-key |
|
| Details | Url | 2 | http://rump2007.cr.yp.to/15-shumow.pdf |
|
| Details | Url | 2 | https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html |
|
| Details | Url | 2 | https://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_wont_help.pdf |
|
| Details | Url | 2 | https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security |
|
| Details | Url | 3 | http://blog.cryptographyengineering.com/2013/09/on-nsa.html |
|
| Details | Url | 2 | https://blog.0xbadc0de.be/archives/155 |
|
| Details | Url | 1 | https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf |
|
| Details | Url | 2 | https://www.reuters.com/article/us-usa-security-rsa-idusbre9bj1c220131220 |
|
| Details | Url | 1 | https://www.wired.com/2015/05/new-critical-encryption-bug-affects-thousands-sites |
|
| Details | Url | 1 | https://pure.tue.nl/ws/files/3854147/588733604251427.pdf |
|
| Details | Url | 2 | https://theintercept.com/2015/02/17/nsa-kaspersky-equation-group-malware |
|
| Details | Url | 2 | https://cysinfo.com/wp-content/uploads/2017/04/shadow_release_updated.pdf |
|
| Details | Url | 3 | https://securelist.com/equation-the-death-star-of-malware-galaxy/68750 |
|
| Details | Url | 4 | https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of- |
|
| Details | Url | 2 | https://securelist.com/a-fanny-equation-i-am-your-father-stuxnet/68787 |
|
| Details | Url | 2 | https://securelist.com/equation-group-from-houston-with-love/68877 |
|
| Details | Url | 2 | https://securelist.com/inside-the-equationdrug-espionage-platform/69203 |
|
| Details | Url | 2 | http://securelist.com/the-equation-giveaway/75812 |
|
| Details | Url | 4 | https://www.antiy.com/response/equation_antiy_report.html |
|
| Details | Url | 2 | https://www.antiy.com/response/equation_part_of_the_component_analysis_of_cryptographic_te |
|
| Details | Url | 3 | https://www.pangulab.cn/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/yn8ajorqwcplev0tqhrgqq |
|
| Details | Url | 2 | https://www.cybersecurity-review.com/shadow-brokers-reveals-list-of-servers-hacked-by-the-nsa |
|
| Details | Url | 2 | https://news.ycombinator.com/item?id=12290623 |
|
| Details | Url | 4 | https://www.antiy.com/response/equations/equations.html |
|
| Details | Url | 4 | https://www.antiy.com/response/equation_drug/equation_drug.html |
|
| Details | Url | 2 | http://www.xinhuanet.com//world/2017-05/13/c_1120966771.htm |
|
| Details | Url | 2 | https://www.cnvd.org.cn/webinfo/show/4139 |
|
| Details | Url | 2 | https://xjca.miit.gov.cn/zwgk/wlaq/art/2020/art_f77d00b8fb7e4d808f551e0179b9141a.html |
|
| Details | Url | 2 | https://www.kaspersky.com/resource-center/threats/ransomware-wannacry |
|
| Details | Url | 2 | https://www.antiy.cn/research/notice&report/research_report/725.html |
|
| Details | Url | 3 | https://www.antiy.com/response/antiy_wannacry_nsa.html |
|
| Details | Url | 2 | https://www.antiy.com/response/wannacry.html |
|
| Details | Url | 2 | https://www.360.cn/n/10169.html |
|
| Details | Url | 2 | https://www.antiy.com/response/apt-tocs.html |
|
| Details | Url | 2 | https://www.antiy.com/presentation/20150929-isc.pdf |
|
| Details | Url | 5 | https://www.proofpoint.com/us/blog/threat-insight/cobalt-strike-favorite-tool-apt-crimeware |
|
| Details | Url | 2 | https://www.sentinelone.com/labs/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone |
|
| Details | Url | 2 | https://blog.csdn.net/smellycat000/article/details/125342296 |
|
| Details | Url | 2 | http://www.xinhuanet.com/world/2015-09/19/c_128246851.htm |
|
| Details | Url | 2 | https://edwardsnowden.com/wp-content/uploads/2015/06/project-camberdada.pdf |
|
| Details | Url | 2 | https://theintercept.com/document/2015/06/22/project-camberdada-nsa |
|
| Details | Url | 2 | https://www.wired.com/2015/06/us-british-spies-targeted-antivirus-companies |
|
| Details | Url | 2 | https://www.forbes.com/sites/thomasbrewster/2015/06/22/foreign-av-companies-targeted-by- |
|
| Details | Url | 2 | https://www.rt.com/usa/268891-nsa-gchq-software-kaspersky |
|
| Details | Url | 2 | http://news.xinhuanet.com/world/2015-06/25/c_1115727217.htm |
|
| Details | Url | 2 | https://www.antiy.com/press/20150625.html |
|
| Details | Url | 2 | http://security.zhiding.cn/security_zone/2015/0624/3055909.shtml |
|
| Details | Url | 2 | https://www.aqniu.com/vendor/8284.html |
|
| Details | Url | 2 | https://documents.trendmicro.com/assets/tech-brief-tildeb-analyzing-the-18-year-old-implant- |
|
| Details | Url | 4 | https://securelist.com/darkpulsar/88199 |
|
| Details | Url | 2 | https://research.checkpoint.com/2021/a-deep-dive-into-doublefeature-equation-groups-post- |
|
| Details | Url | 2 | https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked- |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/ifnvrmcuinr0obf7i1m4wg |
|
| Details | Url | 2 | https://www.cverc.org.cn/head/zhaiyao/news20220314-nopen.htm |
|
| Details | Url | 2 | https://mp.weixin.qq.com/s/j2l-czapzi3vj5dzopgzja |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/shadow-brokers-release-new-files-revealing- |
|
| Details | Url | 1 | https://www.timesofisrael.com/hacked-files-suggest-nsa-penetrated-swift-mideast-banks |
|
| Details | Url | 2 | https://www.antiy.com/response/20190601.html |
|
| Details | Url | 2 | https://baijiahao.baidu.com/s?id=1636198876284800319&wfr=spider&for=pc |
|
| Details | Url | 2 | https://www.blackhat.com/latestintel/07212014-a-schedule-update.html |
|
| Details | Url | 2 | https://cisac.fsi.stanford.edu/multimedia/forensic-dissection-stuxnet |
|
| Details | Url | 2 | https://www.zdnet.com/pictures/top-nsa-hacks-of-our-computers |
|
| Details | Url | 1 | https://www.virusbulletin.com/virusbulletin/2016/11/vb2016-paper-wave-your-false-flags- |
|
| Details | Url | 1 | https://jia.sipa.columia.edu/sites/default/files/attachments/healey%20vep.pdf |
|
| Details | Url | 2 | https://www.antiy.com/response/20200304.html |
|
| Details | Url | 1 | https://i.blackhat.com/usa-19/wednesday/us-19-tsai-infiltrating-corporate-intranet-like- |
|
| Details | Url | 2 | https://2017-2021.commerce.gov/news/press-releases/2020/05/commerce-department-add-two- |
|
| Details | Url | 2 | https://www.defense.gov/news/releases/release/article/3180636/dod-releases-list-of-peoples- |
|
| Details | Url | 2 | https://www.netscout.com/blog/asert/non-government-organization-support-government-hopes |
|
| Details | Url | 1 | https://www.uscc.gov/sites/default/files/2022-2/february_17_2022_hearing_transcript.pdf |
|
| Details | Url | 2 | https://www.crn.com.au/news/the-full-cybersecurity-500-list-401442 |
|
| Details | Url | 2 | https://cybersecurityventures.com/cybersecurity-500-by-the-numbers-breakdown-by-region |
|
| Details | Url | 2 | https://cybersecurityventures.com/china-cybersecurity-companies |
|
| Details | Url | 2 | https://cybersecurityventures.com/cybersecurity-500 |