Analysis of FinFisher malware used by NEODYMIUM group
Published Mar 01 2018 08:15 PM 1,511 Views
Microsoft

fig3-FinFisher-stages.png

 

Office 365 Advanced Threat Protection (Office 365 ATP) blocked many notable zero-day exploits in 2017. In our analysis, one activity group stood out: NEODYMIUM. This threat actor is remarkable for two reasons:

  • Its access to sophisticated zero-day exploits for Microsoft and Adobe software
  • Its use of an advanced piece of government-grade surveillance spyware FinFisher, also known as FinSpy and detected by Microsoft security products as Wingbird

FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it.

 

Read the rest of the post

 

Version history
Last update:
‎Mar 01 2018 09:06 PM
Updated by: