Investigate

If your devices have been compromised by a targeted attack, it can be valuable to understand why you’ve been attacked and by whom.

Why you’ve been attacked: Who do you think might be interested in targeting you or your organization? Is this threat related to your work? In the section on helpful resources there are links to guides that give you tips and tricks on how to prevent digital emergencies and be proactive about your digital security.

By whom: What are your adversary’s technical capabilities? Is the potential attacker (a government entity or other third party) known to use internet surveillance technology. In the section on Reports on State-sponsored Malware attacks below there is more information on the different ways in which governments have used malware for targeted attacks.

Documentation: It will be difficult to remember specifics such as the time and date when you clicked on a suspicious link. Therefore, we recommend keeping a notebook next to your computer to make notes of the time, date and strange things that have happened and are happening to your device. In some cases experts have been able to identify a specific type of malware by correlating the time of the attack with unique characteristics or a possible indicator of compromise.

Reports on State-sponsored Malware attacks: