News & Insights

Topic: Threat Intelligence

Beyond the SISSDEN event horizon

October 1, 2019
Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

Sinkholing Magecart digital credit card skimmers from compromised e-commerce sites

November 13, 2018
RiskIQ/Flashpoint whitepaper released detailing the inner workings of Magecart's digital credit card skimming e-commerce site injection operations. Sinkhole data is available from Shadowserver.

The Italian Connection: An analysis of exploit supply chains and digital quartermasters

August 10, 2015
On July 5, 2015 an unknown hacker publicly announced on Twitter that he had breached the internal network of Hacking Team - an Italian pentesting company known to purchase 0-day exploits and produce their own trojans. The hacker proceeded to leak archives of internal Hacking Team tools and communications.

Displaying Shadowserver Data with Maltego

July 24, 2013
One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

Breaking the Kill Chain with Log Analysis

May 6, 2013
At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

Comment Group Cyber Espionage: Additional Information & Clarification

February 22, 2013
A cyber espionage threat group, frequently known as the Comment Group, has recently received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.

Cyber Espionage & Strategic Web Compromises - Trusted Websites Serving Dangerous Results

May 15, 2012
In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all.

Beware of what you download. Recent purported CEIEC document dump booby-trapped.

April 16, 2012
In recent weeks thousands documents have been released online by a hacktivist going by the online moniker of "Hardcore Charlie." These documents appear to have potentially been sourced and possibly stolen from various businesses and governments in different countries including the United States, the Philippines, Myanmar, Vietnam, and others.