Bird’s Eye View is a new executive summary report generated by Novetta’s Threat Research Group to provide a high-level summary of recent noteworthy cyber security events. It is intended to serve as a brief, detailed narrative offering additional context and insight for cyber security practitioners and other interested readers. Bird’s Eye View also offers nuanced analysis and context around often-hyped public threat reporting for Directors and Executives who are too busy to read detailed, technical reporting.
Many well-researched and highly technical reports provide little higher-level context to help explain relevant cyber events, particularly for strategic decision makers or those not involved in cyber security matters. No threat group, whether state-sponsored, hacktivist, criminal, or a combination thereof, is isolated from the influence of the surrounding environment. Rather, these groups are affected by a wide variety of factors, including political and cultural influences, technical skill, legal procedures of the region, implicit or explicit government support, regional computer security practices, underground activity, and much more. Many events are also tied to previous or ongoing cyber attacks or geopolitical events, either directly or indirectly.
In this first report, we take a closer look at recent reporting on three cyber espionage campaigns: a group operating in the Middle East since 2013, the Equation Group tied to the United States, and French-language malware that has been linked to an intelligence campaign. We also examine the methods of the Carbanak Group, which are reminiscent of many advanced APT-style attacks and illustrate a growing trend of highly advanced cyber criminal threats.