An Update on Winnti (LEAD/APT17)

In our recent post "Winnti Evolution - Going Open Source," Nate Marx and I shared new details on the Winnti APT group and their continued targeting of online gaming organizations. The purpose of this follow-up post is to share some new information about the group and their continued activities. »

Turla Watering Hole Campaigns 2016/2017

A common TTP of the Turla APT group has been based around watering hole attacks. In late 2016, we began observing what is now called the »

Identifying and Triaging DNS Traffic on Your Network

DNS is one of the most important protocols on the modern internet, and any incident responder must be intimately familiar with its inner workings to perform »