
FireEye Releases Report on Cyber Espionage Group With Possible Ties to Russian Government

October 28, 2014

FireEye Research, Analysis Exposes Long-Standing Operations by APT28 Targeting Government, Military, and Security Groups of Interest to Russia

MILPITAS, CA–(Marketwired – Oct 28, 2014) – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today released a comprehensive intelligence report that assesses that an advanced persistent threat (APT) group may be sponsored by the Russian government.

The report — APT28: A Window into Russia’s Cyber Espionage Operations? — details the work of a team of skilled Russian developers and operators, designated by FireEye as APT28, that has been interested in collecting information from defense and geopolitical intelligence targets including the Republic of Georgia, Eastern European governments and militaries, and European security organizations, all areas of particular interest to the Russian government.

“Despite rumors of the Russian government’s alleged involvement in high-profile government and military cyber attacks, there has been little hard evidence of any link to cyber espionage,” said Dan McWhorter, FireEye VP of Threat Intelligence. “FireEye’s latest advanced persistent threat report sheds light on cyber espionage operations that we assess to be most likely sponsored by the Russian government, long believed to be a leader among major nations in performing sophisticated network attacks.”

This FireEye report offers details that likely link APT28 — a threat group whose malware is already fairly well-known in the cybersecurity community — with a government sponsor based in Moscow, exposing long-standing, focused operations that indicate government backing.

Unlike the China-based threat actors tracked by FireEye, APT28 does not appear to conduct widespread intellectual property theft for economic gain, but instead is focused on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting insider information related to governments, militaries, and security organizations that would likely benefit the Russian government.

The report includes malware samples compiled by FireEye that indicate that the developers are Russian language speakers who are operating during business hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.

FireEye experts also found that APT28 has systematically evolved its malware since 2007, using flexible and lasting platforms indicative of plans for long-term use and sophisticated coding practices that suggest an interest in complicating reverse engineering efforts.

In addition to the report, FireEye is releasing indicators that can be downloaded at

The full report, including examples of APT28 targeted attacks and malware indicators, can be accessed at

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,500 customers across 65 countries, including over 150 of the Fortune 500.

© 2014 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Originally published at

Distinguishing Acts of War in Cyberspace

October 28, 2014

Determining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved. This monograph seeks to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with essential background on this topic as well as introduce an analytical framework for them to utilize according to their needs.

It develops this theme in four major sections:
1. It presents the characterization of cyberspace to establish terms for broader dialogue as well as to identify unique technical challenges that the cyberspace domain may introduce into the process of distinguishing acts of war.
2. It explores assessment criteria involved with assaying cyber incidents to determine if they represent aggression and possible use of force; and if so, to what degree?
3. It looks at the policy considerations associated with applying such criteria by examining relevant U.S. strategies as well as the strategies of other key countries and international organizations, and considers how nonstate actors may affect U.S. deliberations.
4. It examines the influences that course of action development and implementation may have on the assessment of cyberspace incidents, such as reliable situational awareness, global and domestic environment considerations, and options and their related risks and potential consequences. It argues that the United States must also expect and accept that other nations may reasonably apply the criteria we develop to our own actions in cyberspace.
Download monograph and continued at

What is the Secret to Media Brand Loyalty? Storytelling in the Digital Age

October 28, 2014

Event:  Broadcasting Board of Governors

Thursday, October 30, 2014 from 10:15 AM to 11:45 AM (EDT)

Washington, DC


From hard-hitting journalism to documentary films that capture the essence of a historic event, powerful stories can engage audiences and focus their attention.

The growth of digital platforms – from streaming video to social media – has put storytelling on the global stage and given audiences the ability to amplify, connect and act like never before.

Join the BBG as it explores this topic with a panel of award-winning media executives.  They will discuss:
•    How great stories are created and disseminated in the digital world.
•    How storytellers can responsibly use the power of digital media to engage and focus audience attention in responding to the challenges of our age.
•    How today’s storytellers are building deep loyalty with connected audiences, and how this is changing the larger media industry.

Ben Silverman, Emmy and Golden Globe Award-winning show creator and media executive, is Founder and Chairman of Electus, a next-generation studio.  His extensive executive producing credits include “The Office,” “Ugly Betty,” “The Biggest Loser” as well as “The Tudors” among many others.

Soledad O’Brien, Founder and CEO of Starfish Media Group, is an award-winning journalist, news anchor and producer.  SMG is a multi-platform media production and distribution company, dedicated to uncovering and producing empowering stories that take a look at the often divisive issues of race, class, and wealth, including the series for CNN “Black in America” and “Latino in America.”

Morgan Valentine Spurlock, Founder and President of Warrior Poets production studio, is the producer of Sundance Film Festival winner for best director Super Size Me, FX series 30 Days and the films Where in the World is Osama Bin Laden?, Confessions of a Superhero, Czech Dream.

Nancy Dubuc, President and CEO of A&E Networks, which is home of two of the top ten entertainment brands, HISTORY and A&E, and two of the leading women’s brands in Lifetime and LMN.  Named by Fortune Magazine as one of the 50 Most Powerful Women in Business, she has won multiple Emmy awards and nominations.

Frank Cooper III, Chief Marketing Officer, Global Consumer Engagement PepsiCo, Inc., is listed as #15 on Billboard Magazine’s 2014 “Power List,” one of the “100 Most Creative People in Business” by Fast Company Magazine, and is a recipient of ADCOLOR’s coveted “Legend” award.

Charlie Corwin, Co-Chairman and Co-CEO, Endemol North America is a leading entertainment executive and award-winning film and TV producer.  He is the creator of multiple series including “Miami Ink” for TLC and its popular spinoffs, “LA Ink” and “NY Ink,” as well as the breakout success “Swamp People” for History.

Howard Thomas Owens, Former President of Nat Geo Channels U.S., is credited with taking the channel into the scripted programming arena with the long-form adaptations of Bill O’Reilly’s books “Killing Kennedy,” “Killing Lincoln” and the upcoming “Killing Jesus.” He spearheaded the launch of series franchises including “Wicked Tuna,” “Brain Games,” and “Life Below Zero”.

Date:  Thursday, October 30, 2014

Time: 10:15 – 11:45 AM   [Doors open at 9:45 AM] Photo Identification is required. DHS requires a U.S. issued driver’s license or a U.S./Foreign passport for entry to a Federal facility.

Place: BBG Headquarters, Cohen Auditorium
330 Independence Avenue, SW
Washington, DC 20237

For questions or further information, contact the BBG’s Office of Public Affairs, 202-203-4400,


Some Ideas for US Army IO/IIA

October 28, 2014

I’ve been involved with Army IO/IIA since the beginning, long before IO positions were created, long before there was an IO branch and even before there was a 1st IO Command, when it was called LIWA.  I began working IO about the same time LIWA was created. I worked IO on the Joint Staff in the Pentagon and was one of the plankholders of the Joint Staff IO Response Cell. I helped work IO for Special Operations during the initial stages of OEF and continued doing IO work at INSCOM, when I returned.

I’ve been watching Army IO since the beginning.  LIWA, 1st IO Command, DAMO-ODI, USAIOP, FA-30 branch and various painful iterations of FM 3-13.  I’ve watched leaders, both in command positions and advisory, make decisions and recommendations which affected Army IO, for bad and good. I’ve talked with FA-30 leaders and practitioners at all levels, heard the complaints, passed on their comments (complaints turned down a notch or two) and watched the results, or lack thereof. I’ve watched the triumvirate of IO leadership, at 1st IO Command, DAMO-ODI and USAIOP, really try to take control of IO and urge it into the right direction, all the while knowing this disunity of command was in direct contravention of Army leadership principles.

I watched as one IO professional was promoted to General, hoping he would become the “leader” of Army IO, only to see him fill a clear need for a cyber position, but making Army IO suffer.  I watched the first Commander of the Army’s Cyber Component attempt to subordinate 1st IO Command under him, INSCOM too, and turn IO upside down. Common sense does not always prevail at the two and three star level when attempting new things. Now, as we take a strategic pause at the military’s attempts to properly address cyber, clearer minds might prevail.  I can only hope.

I recently wrote a piece about the ‘State of IO’.  I received quite a few private responses, most of which really warmed my heart.  I responded to one comment about Army IO and I want to expand on that comment. I wrote the reply on my iPad and want to expand.

First, let’s look at the doctrine makers for Army IO. USAIOP has got to get its act together for the US Army. Too many successive TRADOC Commanders and Army CoSs have tried to manipulate and control the system. The Army needs a comprehensive approach to IO based on reality and facts, not gut feelings. Back in 2007 the Army tried to implement a new form of IO which many said disassembled IO and weakened IO to the point of uselessness.  All the experts in the various “components” of IO were returned to their operational origins in the headquarters and were supposed to push IO within that office. This attempt failed. This has resulted in today’s dysfunctional IO community, especially within the Army. The roadshow that briefed this concept had a slick presentation, which superficially made sense, but upon later contemplation, revealed a basic inherent flaw.  For IO to have the impact the “new” IO was intended, IO had to be a core competency in the US Army.  Fast forward to 2014 and we can see IO is not a core competency, as a matter of fact it’s a bill payer for other parts of the Army.

IO should and must become a core competency, the first thing any soldier, officer, general or warrant thinks of, before contemplating we launch a round downrange. What effect do we hope to achieve?  Can we achieve that using information, on a long-term basis? Can we cause a population to support us, well in advance of any combat operations, which certainly make people hate us for generations (or can we mitigate)?  To put it in terms of Dr. Lee Rowland, how can we have the effect on people’s behavior in the desired manner?  Under what conditions will this behavior change?

The Army’s “new” IO was PowerPoint deep. I constantly asked for studies, papers, books, anything to justify the “new” IO. I got a series of PowerPoint slides and no substance. I saw one PowerPoint presentation by a unit which will not be named, but it damned the “new” IO so badly that it appeared ludicrous.  But tougher minds prevailed, not necessarily smarter minds.  So I ask, before the Army makes any new doctrine for IO (and the same goes for OSD, please), show us the studies.  Show us the papers. Show us the premise upon which you think the US Army should invest millions of dollars and countless lives, so that we can save young soldiers and prevail upon the battlefield while simultaneously preserving and hopefully building popular support.

The Army needs to create a healthy FA-30 career field (I haven’t blogged how broken I feel it is – yet). When the O-5 selection board promotes only 40% of the eligible candidates, motivation across the board comes close to zero.  This sends a clear message to their potential leaders that the likelihood of promotion for your young staff officer is not too good, so don’t invest a lot of time and energy in their professional development.  Let them prepare for a career in marketing.  Next, stop sending mixed signals to the FA-30s.  I’ve seen them misdirected at least three times.  Stop it.

This is blasphemy and I apologize in advance. IO integrates stuff. MISO/PSYOP is another tool, not the king. PSYOP, stick to what you do best and do not try to say you can do IO’s job.  Perhaps you can, perhaps you’re trained, but when your job is PSYOP, that is your job. When you are working an IO position, IO is your job.  I used to be an Infantry Officer before I became an intelligence officer doing IO work and I never, not once, told an inexperienced Infantry Officer how to do his job when I was an intel or IO guy.

Cross fertilization.  The Army has a basic problem when it comes to IO.  For officers, their branch continually hammers the mantra: “stay tactical” into your head. I have seen far too many O-5/6s on the Joint Staff, OSD, LNOs at State or at the White House trying to drink from the proverbial firehose. They were lost, they don’t know the acronyms, who to call, what they do and what else is available. IO folks need to do a tour in the NSC Staff, cross-fertilize at State and at the BBG, early in their career. IO guys and gals need to educate and learn. O-5s and O-6s are too set in their ways, young-uns are malleable. There are too many things at the national level than can be taught in school and our doctrine sucks at integrating at that level.  Break free from the old “tactical” mantra, spread your wings and fly, Army IO.

Army IO, this is for you to use. Don’t fall into the “not invented here” syndrome. I am available for hire.

Is the CIA Running a Defamation Campaign Against Putin?

October 27, 2014

Joel Harding:

One can only hope the CIA is targeting Putin.

Originally posted on Uprootedpalestinians's Blog:

The Saker

Russia Insider interviews The Saker

The latest hot topic in the Russian media. Russian politicians are talking about it. Historical precedent and behavior of Western media suggests that they are.

A major topic in the Russian media is mystification with how Putin is portrayed in the Western media.

He is wildly popular at home and seen as a decent, modest, and admirable person, and Russians don’t understand how there can be such a disconnect with Western impressions.

Recently, leading Russian commentators and politicians have been suggesting that this can only be explained by a deliberate campaign to defame Putin, by governments or other groups.

Yesterday, at a briefing to foreign journalists, Sergey Ivanov, Putin’s chief of staff, arguably the 2nd most powerful man in Russia, spoke of an “information war” consisting of “personal attacks” on Putin.

The western media hit a new low…

The day before another member of Putin’s…


Violent Islamist propaganda inspiring attacks in U.S.: Senator Feinstein

October 26, 2014

Senator Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee

According to the chair of the US Senate Intelligence Committee, Senator Dianne Feinstein, ISIS propaganda is the cause of “lone wolf” terrorist attacks in the US.

“These attacks and the multiplicity of attacks in 2014 show that their propaganda is having some effect,” the Californian Democrat said on CNN’s “State of the Union” television program.

ISIS propaganda may be having an effect right here in the United States. Perhaps the attack in Canada was inspired by ISIS propaganda.

The United States does not have a non-partisan office that counters propaganda intended to harm the United States.  There are no academic studies to guide US’ spending of billions of dollars intended to “promote democracy”.

McCaul: ISIS winning propaganda war

October 26, 2014

House Homeland Security Chairman Michael McCaul (R-Texas) said on Sunday that three lone wolf attacks in Canada and New last showed the Islamic State in Iraq and Syria (ISIS) was winning an online propaganda campaign.

“They are waging a campaign of war against the west and the United States and these are three examples just last week of where they’re winning,” he said on ABC’s “This Week.”

McCaul said the lone wolf attackers were often “people in a basement radicalizing over the Internet,” and that they would be “very hard to stop.”

“It’s like finding a needle in a haystack and then getting them out of that radicalization toward a deradicalization path,” he said.

The Obama administration’s former top counterterrorism official, Matt Olsen, agreed, and said while concern over homegrown terror plots is not new, propaganda by ISIS poses additional concerns.

Continued at

