ThreatConnect

ThreatConnect, Inc.
Type: Corporation
Industry: Network Security
Founded: April 28th, 2011
Founders: Adam Vincent (Co-founder), Andrew Pendergast (Co-founder), Leigh Reichel (Co-founder), Balaji Yelemenchilli (Current CEO)
Headquarters: Arlington, Virginia, United States
Products: Threat Intelligence Platform, Security Orchestration, Automation, and Response, Cyber Risk Quantification
Number of employees: 129 (May 2019) [1]
Website: www.threatconnect.com

ThreatConnect is a cyber-security firm based in Arlington, Virginia. It provides a Threat Intelligence Platform that lets companies aggregate threat intelligence and act upon it.

History

The firm was founded in 2011 as Cyber Squared Inc. by Adam Vincent, Richard Barger, Andrew Pendergast and Leigh Reichel. [2] The company was renamed ThreatConnect after its series A funding of $4 million in 2014, [3] [4] and in December 2015 it obtained series B funding of $16 million. [5]

The company gained attention when it linked the Anthem medical data breach to Chinese government-sponsored entities. [6] According to cybercrime journalist Brian Krebs, ThreatConnect identified domains used by the group that were deliberately made to resemble legitimate domains used by Anthem. [7]

The company also linked Guccifer 2.0, the persona responsible for the 2016 Democratic National Committee email leak, to the Russian-backed cyberespionage group Fancy Bear. [8] [9] Further attacks it attributed to Fancy Bear include those against a group investigating the Malaysia Airlines Flight 17 (MH17) crash, [10] and against the World Anti-Doping Agency, which had recently issued a report on state-sponsored doping. [11]

In September 2020, ThreatConnect acquired Virginia-based software company Nehemiah Security. [12]

References

  1. Chris Bing (26 January 2016). "This Cyber Startup Is Flying Under the Radar With a Monster Valuation". DC Inno.
  2. Ethan Rothstein (12 January 2015). "Shirlington Startup Helping Big Companies Prevent Hacking". ARLnow - Arlington, Va. Local News & Community.
  3. Eric Hal Schwartz (20 November 2014). "Virginia Cybersecurity Startup Cyber Squared Gets $4M and a Name Change". In The Capital.
  4. Steven Overly (20 November 2014). "Cybersecurity firm Cyber Squared raises $4 million, changes name to ThreatConnect". The Washington Post.
  5. Cara O'Donnell (22 December 2016). "Threat Intelligence Startup ThreatConnect Closes $16M Investment Round and Makes Strategic Move within Arlington". Arlington Economic Development.
  6. Ellen Nakashima (27 February 2015). "Security firm finds link between China and Anthem hack". The Washington Post.
  7. Brian Krebs (9 April 2016). "Anthem Breach May Have Started in April 2014". Krebs On Security.
  8. Teri Robinson (26 July 2016). "ThreatConnect: Guccifer 2.0 likely persona for Russian-linked propagandists, PR operatives leaking info to media". SC Magazine. Haymarket Media Group.
  9. "US cybersecurity firms say Russia likely behind hacks". The Times of Israel. Associated Press. 1 August 2016.
  10. India Ashok (29 September 2016). "Journalists investigating MH17 hacked by Russia-backed Fancy Bear hackers - ThreatConnect". International Business Times.
  11. Sam Thielman (23 August 2016). "Same Russian hackers likely breached Olympic drug-testing agency and DNC". The Guardian.
  12. "Arlington cybersecurity firm buys Tysons software company". Virginia Business. 10 September 2020. Retrieved 29 September 2020.