We are very proud to announce that Novetta has been leading a coalition of security companies in a large-scale coordinated effort to detect and remediate advanced malware. The overall objective of the coalition is to act against the adverse impact of professional cyber espionage groups and other threat actors. Coalition partners include: Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, Tenable, ThreatConnect, ThreatTrack Security, Volexity, and an assortment of threat researchers who wish to remain anonymous. This initiative is the first effort under the Microsoft supported Coordinated Malware Eradication (CME) program which aims to bring organizations in cyber security and in other industries together to change the game against malware.
The real difference in this initiative is that the coalition is extending beyond the traditional industry status quo of simply publicizing a report of an identified cyber threat. Instead, we’re turning knowledge into action. The coalition members have synthesized and operationalized shared knowledge of a common threat with the primary objective of disrupting, degrading and globally remediating the effects of a sophisticated, well resourced, cyber espionage group who has operated for at least 4 years.
In addition to highlighting coalition efforts in a press release, today we have also published several preliminary triage reports to outline this threat actor group and several of the malware families it uses. We have also coordinated with our partners to ensure that consumer and enterprise security tools are updated to act against these threats. We plan to release a comprehensive technical report by October 28, 2014 that will include a high level overview of the threat actor group, some of the targeted industries they attacked, an overview of malware families they used and their capabilities. This report will also include an in-depth review of the Tactics, Techniques, and Procedures (TTP’s) of this group and who we believe they could be based on this larger narrative.
Our executive summary and associated triage reports for this threat are located here: http://novetta.com/operationsmn. Please use the information contained to protect organizations under your purview. Stay tuned over the coming weeks as we prepare to release our full technical reporting coverage.