News & Insights

At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

As individuals and as a group we have been collecting malware for many years. The Shadowserver Foundation repository dates back to 2005 and we collected our first million shortly after we actually started counting.

A cyber espionage threat group, frequently known as the Comment Group, has recently received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.

You track botnets? Right, we do as well. You spent your weekends building your slick botnet trackers and some fancy web interface? Damn, we did too. But let's face the truth, DDoS is boring. What gives better sense to your day than some random crook trolling you and your monitoring infrastructure? Nothing. So here's what happened today...

Over the past seven years the Shadowserver Foundation has been successfully executing its mission to improve Internet Security by sharing information of compromised servers, malicious attackers and the spread of malware. We have been brazen in our core philosophy to share information freely and at no obligation.

In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all.

In recent weeks thousands documents have been released online by a hacktivist going by the online moniker of "Hardcore Charlie." These documents appear to have potentially been sourced and possibly stolen from various businesses and governments in different countries including the United States, the Philippines, Myanmar, Vietnam, and others.

In the last couple of weeks we have dropped almost 2500 C&C's from our tracking system. This may seem extreme but is was something of a necessity. It should also bring up the question of validity of the rest of our C&C counts that you see.