OVERRULED: Containing a Potentially Destructive Adversary
Fireeye Threat Research • by Geoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr • 21 Dec 2018
UPDATE (Jul. 3, 2019): On May 16, 2019 FireEye's Advanced Practices
team attributed the remaining "suspected APT33 activity"
(referred to as GroupB in this blog post) to APT33, operating at the
behest of the Iranian government. The malware and tradecraft in this
blog post are consistent with the June
2019 intrusion campaign targeting U.S. federal government
agencies and financial, retail, media, and education sectors – as
well as U.S.