News & Insights

Dridex update: The wheels of international Law Enforcement keep on turning

December 5, 2019
The Dridex botnet was sinkholed in October 2015 and the infected victims remediated via Shadowserver's free daily network reports. In December 2019, the US DoJ, FBI and UK NCA unsealed criminal charges against other actors alleged to be behind the Dridex botnet’s activities, via an organization self-described as “Evil Corp”. This included a record US $5M FBI Most Wanted cyber criminal reward being offered.

Beyond the SISSDEN event horizon

October 1, 2019
Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

Of Vacations and Armageddon

June 3, 2019
2019-06-02 - 0820 UTC-7 - It seems that the power company "accidentally" turned off all the power to the building where our data center resides for about 20 minutes. This of course took everything out.

Goznym Indictments - action following on from successful Avalanche Operations

May 16, 2019
The US DoJ, FBI and international LE partners announce multiple indictments against the alleged operators and customers of the Goznym malware, controlled via the Avalanche platform. Sinkhole data continues to be available from The Shadowserver Foundation, as part of ongoing sinkholing of over 20 Avalanche malware strains.

Sighting of Mythical New Shadowserver Website Confirmed!

April 24, 2019
After over a decade of operations, the Shadowserver Foundation finally launches a shiny new website. The new site hopefully better explains to the public our values, free services and constituents, and what we continue to do to improve the overall security of the Internet. Our team, focus and mission remain otherwise unchanged. But we may hopefully spare ourselves the occasional embarrassing question!

Recent additions to our available free daily network report types

April 18, 2019
Shadowserver has been participating in an EU Horizon 2020 funded project called SISSDEN from May 2016 to April 2019. Multiple network report types have become available due to the deployment and operation of a new large scale distributed honeypot sensor network, as well as from other SISSDEN partner collected attack data sets. This data is available to subscribers via our free daily network remediation reports.

In the Service of National CERT’s (revisited)

April 2, 2019
Shadowserver recently achieved the significant milestone of having our 100th National CERT/CSIRT sign up for our free daily network reports, so we thought that this would be a good moment to provide an update on our global network remediation coverage.

Mirai Botnet #14: 1 Million German customers disrupted, Liberia taken off line and now the culprit has been convicted

January 12, 2019
The huge Mirai Botnet #14 IoT botnet attacks were successfully stopped and sinkholed by the German BKA and The Shadowserver Foundation, and the actor behind them was identified, arrested and prosecuted in both Germany (with the BKA) and the UK (with the NCA). Sentencing details were made public in the UK today.

One Billion Binaries

December 10, 2018
Breaking news: Shadowserver's malware repository now exceeds the One Billion Binaries milestone (and, spoiler alert: not everyone in the team is as excited by this news as some of us). We provide a little bit of history about the growth of our malware collection, and some of the challenges we continue to face.

Avalanche 1,2,3…

December 2, 2018
Year 3 of our ongoing Avalanche operations with international law enforcement continues to provide protection for over 2 million unique IP addresses per day against 20+ different strains of malware, including the Andromeda dropper from year two. This has required an unprecedented blocking/seizing of over 2.4 million malicious domain names to date. Sinkhole data continues to be available to subscribers via our free daily network reports.