Operation “Ke3chang”: A Detailed Look Into a Newly Discovered APT Campaign

In 2013, Chinese threat actors launched a cyber espionage campaign, called "Ke3chang," that compromised government ministries across Europe. But, as FireEye Labs uncovered, the attackers were active since at least 2010—using the same types of malware to target a wide range of industries.

Join a live briefing on Operation Ke3chang, including how FireEye researchers were able to infiltrate a critical command-and-control (CnC) server, giving them a rare window into the attackers' techniques.

Why you should attend:
- Get Insight into the APT Campaign - Hear what FireEye discovered after gaining access to the CnC server.
- Learn How the Campaign Evolved - See how the attacks have changed and unfolded over the years.
- Understand the Tools and Techniques - Learn how the attackers were highly selective in their targets and careful to cover their tracks.
Recorded Dec 17 2013 52 mins
Presented by
FireEye Labs Research Team
  • Emerging Global Cyber Threats Nov 2 2017 3:00 pm UTC 60 mins
    John Hultquist, Director, Analysis, GSI, FireEye, Inc.
    To properly establish your cyber defenses, you must know your opponent.

    Cyber security attackers are constantly innovating; their threat activities continue to grow on a global scale. Your organization needs to ensure that it adapts to the realities of the evolving threat landscape and business risks.

    Attend this webinar to see John Hultquist, Director of Intelligence Analysis at FireEye, offer:

    • An overview of emerging threats from around the world
    • Insights into the most impactful threats affecting your cyber security operations
    • Expert assessments and implications your organization should consider, provided by the FireEye Threat Intelligence Team

    REGISTER NOW

    Part two of a two-part series.

    Don’t miss part one: Cyber Threat Intelligence: Learn How It Drives World-Class Security

    Please visit: https://www2.fireeye.com/Webinar-How-CTI-Drives-World-Class-Security.html
  • Cyber Threat Intelligence: Learn How It Can Drive World-Class Security Oct 5 2017 3:00 pm UTC 60 mins
    Jeff Berg, Principal Consultant, Cyber Threat Intelligence & Jeff Compton, Principal Consultant, Cyber Threat Intelligence
    The adoption of Cyber Threat Intelligence (CTI) is increasing across organizations like yours—adding value to all segments of security operations and the business.

    When it is better utilized, CTI significantly enhances an organization’s ability to anticipate, identify, respond to, and remediate threats.

    Attend this webinar to see cyber security veterans Jeff Berg and Jeff Compton share a case study to show how you can:
    •Identify and leverage core competencies to build an intelligence-led strategy
    •Develop a best-in-class CTI program framework
    •Scope your intelligence function
    •Sidestep common pitfalls and resistance
    •Establish growth and maturity metrics
    •Anticipate and recognize near and long-term wins


    REGISTER NOW!

    This is part one of a two-part series.

    Don’t miss part 2: Emerging Global Cyber Threats on November 2.

    To learn more visit: https://www2.fireeye.com/Webinar-Emerging-Global-Threats.html
  • The Next Level of Smarter Endpoint Protection: Going Beyond Anti-Virus Products Sep 26 2017 3:00 pm UTC 60 mins
    Jim Waggoner, Sr. Director, Product Management
    Antivirus (AV) protection has been the foundation for endpoint security for decades despite its known gaps. To address evolving threats, organizations need an integrated endpoint solution that can fortify their defenses.

    On September 26, Jim Waggoner, Sr. Director, Product Management for FireEye will detail:
    •Why endpoint security products have not provided complete protection
    •Capabilities required for a comprehensive endpoint protection solution
      ◦ AV with threat intelligence
      ◦ Detection and response
      ◦ Behavior and exploit analysis
      ◦ Visibility and automation
    •How the latest FireEye Endpoint Security solution enables you to go from detection to investigation and remediation quickly, all with a single agent

    Attend this webinar as the first step toward a smarter, more adaptive approach to endpoint security.
  • Are You Ready to Respond? Recorded: Jul 20 2017 59 mins
    Troy Scavella, FireEye Principal Consultant and Ahmet Rifki, Sr. Consultant
    “In our current state of cyber security, security breaches are inevitable.” -- Kevin Mandia, CEO, FireEye

    In 2016 there were 1,093 publicized cyber security breaches. That’s a 40% increase from 2015. Given this era’s upsurge in breach activity, it’s no longer about whether you’ll be breached. It’s how you’ll respond when you are breached. Organizations with a well-designed response capability are better off.

    Join Troy Scavella, FireEye Principal Consultant and Ahmet Rifki, Sr. Consultant, for our webinar on July 20. They will cover several topics including:

    •Six primary areas of focus for an effective response plan
    •Best practices for each of those areas
    •Examples of how deficiencies in any area reduce an organization’s ability to effectively detect and respond to a cyber security incident, whether targeted or opportunistic
  • Intelligence-First: How Intelligence Enriches Security Consulting Services Recorded: May 24 2017 54 mins
    Jeff Berg, Sr. Manager, Cyber Threat Intelligence & Brad Bell, Mandiant Principal Consultant
    Join Jeff Berg, Sr. Manager of Cyber Threat Intelligence, and Brad Bell, Mandiant Principal Consultant, as they share the role of cyber threat intelligence in strategic security consulting services and why services based on compliance-based best practices and industry standards may not be an effective way to protect your organization against a rapidly evolving threat landscape. 

    Key takeaways:

    • The role cyber threat intelligence plays in strategic security consulting services
    • Why services rooted in compliance-based best practices and industry standards aren’t effective
    • Case studies where different types of intelligence added value to service portfolio
  • APT32: New Cyber Espionage Group Recorded: May 24 2017 57 mins
    Nick Carr, Sr. Manager Incident Response, Mandiant, a FireEye Company
    Learn more about APT32 (OceanLotus Group), a Southeast Asian cyber espionage group threatening multi-national companies operating in Vietnam. After long-term monitoring and response of their activities, FireEye has given this threat actor the newest APT designation.

    Join Nick Carr, Sr. Manager of Incident Response, as he shares how Mandiant, iSIGHT Intelligence and FireEye as a Service teams reveal:

    • Who is part of APT32, where they are based, whom they target and how they operate
    • Advice on how to defend against, hunt for and respond to APT32
    • How your organization can improve your ability to detect, prevent and remediate APT32 attacks
  • Tips & Tricks: Make the Most of FireEye Network Security Recorded: May 18 2017 55 mins
    Bikram Gupta, Director of Product Marketing
    Although FireEye Network Security is ready to use out-of-the-box, simplicity does not imply a lack of sophistication. There may be a variety of capabilities that practitioners can take advantage of when maximizing the value of their Network Security solution.

    In this webinar, we present a variety of tips, tricks, and secrets collected from FireEye engineers, architects, incident responders, and analysts to:

    •Enhance detection efficacy
    •Accelerate response to alerts
    •Streamline system administration
    •Improve alert management
    •Perform health checks.

    SPECIAL OFFER: All attendees will be offered a free FireEye Network Security health check at the end of the webinar.
  • Smarter Endpoint Security: How to Go Beyond Prevention Recorded: May 2 2017 49 mins
    Jim Waggoner, Sr. Director, Endpoint Product Management
    Today’s endpoint security products do what they were designed to do, but they still leave gaps in protection. Comprehensive endpoint protection requires prevention, AV, endpoint detection and response (EDR) and other capabilities. Even when organizations adopt multiple point products, there are still gaps in their endpoint protection.

    Some companies tout “next-generation endpoint security,” but what does that mean? Jim Waggoner, Sr. Director of Endpoint Product Management at FireEye will tell you how to make sure your next-generation endpoint security solution is delivering a comprehensive. In this webinar, you will:

    > Learn about the current endpoint security landscape and the challenges it poses
    > Find out what makes EDR capabilities valuable
    > Understand why threat intelligence is important and how it affects endpoint threat detection and prevention
    > Discover why a single endpoint agent should include (1) Multiple detection and prevention engines, (2) Integrated workflows from detection to investigation to remediation, and (3) Scalable, multiple form factors and breadth of OS support
  • 10 Security Best Practices for Government Organizations Recorded: Apr 20 2017 53 mins
    Tony Cole, Vice President and Global Government Chief Technology Officer, FireEye
    Government networks, critical infrastructure and data are under a constant state of attack. The nature of these threats evolves on a daily basis. Hacktivists, nation states and cyber criminals push the people, processes and technologies that make up Government cyber defenses to their breaking points.

    In this webinar, Tony Cole, Vice President and Global Government Chief Technology Officer at FireEye, will be sharing how to:

    -- Interpret and respond to trends in adversary capabilities and motivations.
    -- Integrate and apply cyber intelligence to reduce risk, cost and operational overhead.
    -- Improve readiness and response to minimize the impact of a breach.

    Learn how you can apply best practices in intelligence-led security into your defenses.
  • Containing the Career Impact of Cybercrime Recorded: Feb 23 2017 55 mins
    Chris Leach, Chief Technologist, HPE. Josh Goldfarb, VP & CTO - Emerging Technologies, FireEye.
    Cyber truths and CEOs
    Security industry experts say that the nature and complexity of today’s cyberattacks are beyond the scope of even the largest companies. We’ve seen the headline-making news. Big brand companies, once thought to be impenetrable, have fallen victim to targeted cyberattacks inflicting significant financial damages to their businesses.

    Financial fallout and executive reputation
    Such breaches are hitting corporations where it hurts the most: the bottom line. A prominent bank recently felt the staggering loss of $81 million resulting from a breach.

    Elevate and propagate
    Battling hackers, state actors, and sophisticated cybercrime organizations may seem like a never-ending, daunting task.

    Please join us as FireEye and HPE Chief Technology Officers reveal a five-point tactical plan to mitigate risk and keep your reputation intact.

    What you’ll learn:

    1. Creating a Risk Profile to assess your organization’s risk level.
    2. CEO engagement. Understanding the amount of time, resources and commitment needed to minimize threat exposure.
    3. Roles and investment. Guidelines for technology, personnel, and budget.
    4. Risks and ramifications. Pinpoint the gaps.
    5. Seek the advice of experts. Don’t stake your reputation by going it alone.

    See you online!

    The FireEye HPE team
  • Two-Factor, Too Furious: Subverting (and Protecting) Multi-factor Authentication Recorded: Jan 26 2017 42 mins
    Austin Baker, Sr. Consultant (Mandiant), Patrick Charbonneau, Consultant (Mandiant)
    Multi-Factor Authentication (MFA) is the standard for protecting sensitive systems and credentials. What once was limited to physical tokens and keycodes has expanded into digital tokens, phone applications, and password vaults, all in the effort to offer additional safeguards for critical access points like VPN connectivity and system administrator accounts.

    While MFA is now an industry-standard security practice, monitoring and protecting these implementations from exploitation is not widely practiced.

    Gathered from the trenches of both our Incident Responders and Red Teamers, here is a quick introduction to the problems faced with common MFA systems, the ways real-world attackers (e.g. APT28 & APT29) and our Red Team have bypassed or subverted them, and some techniques your team can use to further protect the multi-factor keys to your kingdom.

    Register today to learn from our experts.
  • 2017 Cyber Security Predictions Recorded: Dec 15 2016 57 mins
    Stuart McKenzie, VP of EMEA, Mandiant. Gerasimos Stellatos, Director, Mandiant.
    Major events of 2016 have created great uncertainty about the future, but in cyber security one thing is certain: Some attacks and crimes will continue and new challenges will emerge.

    What new developments in cyber security should you expect in 2017?
    Join us to hear from some of FireEye’s top experts about our predictions for 2017, which draw from our executive team, Mandiant incident responders, FireEye iSIGHT Intelligence and FireEye Labs. These insights include:

    •What investments in security organizations will make in 2017
    •Which industry or type of organization might unexpectedly become a target of threat groups in 2017
    •How threat groups will continue to target industrial control systems (ICS) in the near future
    •What the future holds for less security-mature regions in Asia Pacific and EMEA

    Register today to understand what lies ahead, so you can prepare to stay one step ahead of cyber security threats.
  • 2016 FireEye Government Forum featuring Virginia Governor Terry McAuliffe Recorded: Dec 13 2016 21 mins
    Terry McAuliffe, Governor of Virginia
    Register today to watch this free encore presentation from the 2016 FireEye Government Forum featuring Virginia Governor Terry McAuliffe. Watch from the convenience of your computer as Governor McAuliffe discusses the importance of making cyber security a priority at the state and federal level, particularly as cyber attacks are on the increase.

    Additional topics discussed include:
    • What Virginia is doing to address the cyber skills gap, and fill job openings
    • Cyber challenges facing state and federal agencies
    • Steps Virginia has taken to increase its investment in cyber security
    • How and why he wants to make Virginia the cyber capital of America
  • The Rise of Security Orchestration: Myths and Truths Recorded: Dec 6 2016 50 mins
    Paul Nguyen, VP of Orchestration & Integration, FireEye. Joseph Blankenship, Sr. Analyst, Forrester.
    Most security programs are understaffed and overwhelmed with alerts, often defined by processes that rely on manual intervention and containment. They must keep pace with attackers who have access to intellectual resources, computing power and the backbone of the fastest digital delivery networks.

    Security orchestration levels the battlefield by bringing together disparate technologies and incident handling processes into a single console and facilitates processes with automation. The goal is to improve response time, reduce risk exposure and maintain consistent security processes.

    Join this webinar with Paul Nguyen, VP of Orchestration and Integration at FireEye and guest speaker Joseph Blankenship of Forrester to learn what orchestration really is, how to use it, and how to recognize a quality orchestration solution. You’ll discover:

    •Why we are seeing a rise in security orchestration
    •Where the market is moving
    •How to get the most out of orchestration
    •Which orchestration capabilities are essential and which are differentiators
    •What drivers and functional capabilities will define the market
    •How to best evaluate and deploy orchestration solutions

    Register today for the latest on orchestration from FireEye and Forrester experts.

    The FireEye Team
  • Operationalizing Threat Intelligence Recorded: Nov 17 2016 51 mins
    Jeff Berg, Sr. Manager, Cyber Threat Intelligence Services, Mandiant
    In a rapidly evolving threat landscape with the realities of limited security program resources, it can be difficult for organizations to know what the most critical risks and exposures are, presently and looking forward. While most organizations recognize the importance of cyber threat intelligence (CTI), Mandiant consulting frequently finds organizations have limited capabilities to operationalize CTI throughout all aspects of their security program.

    A recent online poll conducted by FireEye about the operational use of CTI found that 84% of responders use threat intelligence for business decision-making. 67% use it to make decisions about resources and security tools while 17% said they use it for risk assessment on new business initiatives. 17% don’t use it at all.

    In this webinar, Jeff Berg, Senior Manager of Mandiant’s Cyber Threat Intelligence Services, discusses the role of intelligence in cyber security programs and steps organizations can take to transform security operations to be intelligence-led, so they can continuously adapt to the threat landscape, and ultimately infuse intelligence capabilities across the entire organization for informed decision making.
  • The Real World Value of Cyber Threat Intelligence Recorded: Nov 15 2016 57 mins
    Laura Galante, Dir, Threat Intel Production/Analysis, FireEye. Jayce Nichols, Dir., Threat Intel Research, FireEye.
    Modern cyber attackers are sophisticated, well-funded, well-organized and use highly-targeted techniques that leave technology-only security strategies exposed. To identify and stop attackers, organizations need to understand how they think, how they work, and what they want. Why? Because today, the most serious data breaches and disruptions result from well-planned, complex attacks that target specific companies or industries. Bolster your defenses with a proactive, forward-looking approach to security. Join our live webcast, Tuesday, November 15 at 2:00pm ET to learn:

    -What cyber threat intelligence truly is and the benefits of being intelligence-led.
    -How to tailor threat intelligence to your unique security mission.
    -How FireEye iSIGHT’s 160 security experts around the globe mobilize to transform raw information into finished actionable intelligence.

    Hunt advanced, tiered attacks lying in wait within your systems. Prioritize the most relevant threats amidst 1,000s of daily security alerts. Join us live and discover how savvy organizations operationalize intelligence up and down the organization to preempt attack, inform strategy and more.

    Register today.
  • Why Today’s Changing Threat Landscape Requires Agile Security Recorded: Nov 9 2016 60 mins
    Rajiv Raghunarayan, Sr. Director, Product Marketing, FireEye. Robert Westervelt, Research Manager, IDC.
    Advanced threats continue to grow in severity, complexity and reach as threat actors expand their attacks to hit soft targets. Adding to this, as business workloads move to the cloud, and as shadow IT continues to proliferate, unforeseen security gaps expose new vectors for exploit and abuse.

    Attacks are not just targeting the core of a network, nor are they limited to just large scale enterprises. More and more, threat actors are aiming at vulnerable endpoints, distributed network environments and porous perimeter defenses. To combat this, security solutions need to be as agile as today’s threat actors.

    In this webinar, we will discuss the changing threat landscape and how today’s threat actors and advanced malware are impacting businesses of all sizes and types. Additionally, we will examine new security solutions and deployment models that provide agility, flexibility and widespread protective reach that scales and grows with IT and security needs.
  • 10 Components for Proactive Cyber Security Recorded: Oct 26 2016 59 mins
    Tim Appleby, Sr. Manager, Security Program Assessments, Mandiant Consulting.
    Cybersecurity awareness is growing as more organizations learn they are vulnerable to an attack. While compliance with regulatory and security audit requirements provides a starting point, it alone will not keep the organization safe. An effective security program needs to be multifaceted, integrating people, processes and technologies across all layers of the organization. The specifics vary due to industry, size and geographic presence, as well as the level of risk the organization is willing to accept.

    Mandiant Sr. Manager Tim Appleby will discuss the benefits of proactive preparedness and 10 key areas that should be considered in order to form a holistic security program, and discuss how priorities can vary based on industry, size and geography.

    As usual, we'll leave plenty of time for Q&A.
  • Crisis Communication After an Attack Recorded: Oct 19 2016 62 mins
    Chris Leach, Chief Technologist (HPE). Vitor De Souza, VP, Global Communications (FireEye)
    Are you prepared?
    It’s headline news. Cyber attackers are increasingly sophisticated and data breaches are becoming commonplace. Some say “it’s not a question of if you’ll be breached, but when”. You need a plan.

    Even the most security-conscious organizations are not prepared for the actions needed to gain control after a cyberattack. Preparing an emergency response communication plan keeps stakeholders informed following a breach. Taking an early communication approach will combat rumor and conjecture. The breach is now a business problem. From employees and customers to partners and suppliers – people need to be confident the situation is being addressed, managed, and resolved.

    Communication is key.
    Smart organizations view their security crisis-communication plan as an ongoing necessity. Get ahead of the reactive situation and decrease the uncertainty. Involve the company’s top leaders across the cross-functional organization. Create a framework for answering questions honestly and with integrity. Share information up front and often. Frequent detailed communication coupled with action timelines creates confidence.

    Get operational in real time.
    You can’t control the communication cycle without having done some work in advance. A well-developed crisis response plan with different scenarios will train your team to operate in real time when the inevitable occurs. You can take control of the situation with timely communications.

    Be prepared. Join us for our upcoming webinar to learn how to build a strong crisis-communication foundation for your organization.

    See you online!

    The HPE FireEye Team
  • Security-as-a-Service: New Threat Landscape Demands a New Paradigm Recorded: Sep 27 2016 47 mins
    Rudy Araujo, VP, Product & Solutions Marketing
    The security paradigm for nearly two decades has been to increasingly invest in technology. These solutions have not only failed to solve the problem but have made the challenge more complex. Even if true threats are detected, they are lost in a sea of alerts and lack the context to prioritize and build response. This security posture is only exacerbated by the skills deficit currently facing the industry.

    In this webinar, we look at the emergence of a new security-as-a-service paradigm and the capabilities required to help organizations reduce risk and time to protection. The discussion will cover how the cost, specialization and complexity of cyber defense have positioned security to follow other markets in adopting an “as-a-service” paradigm.

    We will also address the capabilities that define an ideal security-as-a-service partner such as:

    •the availability of security expertise
    •a broad intelligence capability and
    •flexible deployment options

    Not only does this approach improve a security posture and reduce risk but it does so with a lower total cost of ownership (TCO). Register today to learn more about this emerging security-as-a-service model.

    The FireEye Team
The leading provider of next generation threat protection
FireEye is the world leader in combating advanced malware, zero-day and targeted attacks that bypass traditional defenses, such as firewalls, IPS and antivirus.

  • Title: Operation “Ke3chang”: A Detailed Look Into a Newly Discovered APT Campaign
  • Live at: Dec 17 2013 7:00 pm
  • Presented by: FireEye Labs Research Team