Our Research and Intelligence unit is home to our innovators and developers of the core technology that powers the BlackBerry® Cylance® Native AI Platform. The unit’s threat research engineers identify and deconstruct emerging forms of file-based and fileless malware. Our threat intelligence analysts’ profile and track hacker groups and their tactics, techniques, and procedures.

Collectively, we leverage our threat intelligence platform to develop and optimize machine learning models that defeat APTs and zero-day threats. Our teams work tirelessly to hold the line against adversaries and cybercriminals, identifying and stopping threats no one has ever seen before.

Watch this video and learn more about us and the work we do to protect customers and advance our solutions:

Read Our Latest ‘Deep Dive’ Research Reports

Our team of information security experts, software engineers, and data scientists conduct research throughout the year to provide customers with actionable insights about the persistent threats and malicious actors impacting the global security landscape.

Check out our latest original research reports:

White paper: OceanLotus Steganography Malware Analysis (PDF)

While monitoring the activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a .png image file. Thus far, BlackBerry Cylance has observed two backdoors being used in combination with the steganography loader – a version of Denes backdoor (bearing similarities to the one described by ESET), and an updated version of Remy backdoor.

This white paper describes the steganography algorithm used in two distinct loader variants and looks at the launcher of the backdoor that was encoded in one of the .png cover images.

Report: Thin Red Line - Penetration Testing Practices Examined (PDF)

The goal of this report is to provide a view on pentesting from the security researcher’s perspective in an attempt to better educate other researchers, pentesters, and, most importantly, the clients they both seek to serve.

We discuss the potential for negative outcomes from pentesting activity in the hopes of prompting a dialogue that will catalyze efforts to implement a commonly accepted set of standards for best practices in pentesting.



The White Company Series: Operation Shaheen Report (PDF)

Pakistan is at the center of a new, unusually complex espionage effort unveiled by Cylance. Operation Shaheen is a year-long, ongoing campaign aimed at the nuclear-armed country’s government and military. It is the work of a previously undisclosed threat actor whose unique style of attack has, until now, remained out of the public eye — a success they have taken great pains to achieve.

We call this threat actor The White Company in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution.

Cylance 2019 Threat Report (PDF)

Read our analysis of 2018 Cylance customer and industry data to see what security trends you should prioritize as you continue to shore up your tools, technology, techniques and provide guidance to your team. The information contained in the Cylance 2019 Threat Report will prepare you for the security challenges of the upcoming year. It contains the top OS X and Windows-based threats encountered by our customers, notable advanced persistent threat (APT) activity, and year-over-year analysis.

Readers will also find sections detailing attacks on O365 services, credential-based hacks, and current consumer sentiment regarding cybersecurity solutions.

Browse Our Research Blogs on ThreatVector

Research and Intelligence Blogs

ThreatVector is BlackBerry Cylance's award-winning blog. We stay on top of the latest threat news and headlines with blogs that expose threat actors and deconstruct their tactics, techniques, and procedures.

Read our Top 10 latest Research blogs on ThreatVector, or browse all articles below:

Research and Intelligence Team: Top 10 Most Popular Blogs

1.      Reaver: Mapping Connections Between Disparate Chinese APT Groups
2.      Around the Watercooler: Ghidra Edition
3.      Report: Thin Red Line - Penetration Testing Practices Examined
4.      PowerShell Obfuscation Using SecureString
5.      Report: OceanLotus APT Group Leveraging Steganography
6.      Public Hacking Tools: Day in the Sun
7.      The White Company: Inside the Operation Shaheen Espionage Campaign
8.      Improving Malware Detection Accuracy by Extracting Icon Information
9.      Whack-A-Mole: The Impact of Threat Intelligence on Adversaries
10.    Applying Machine Learning to Prevent Inception Bar Phishing Attacks

Threat Research Team: Top 10 Most Popular Blogs

1.      Threat Spotlight: TrickBot Infostealer Malware
2.      Threat Spotlight: Parite Polymorphic File Infector
3.      Threat Spotlight: Virlock Polymorphic Ransomware
4.      Threat Spotlight: Sodinokibi Ransomware
5.      Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
6.      Threat Spotlight: MenuPass/QuasarRAT Backdoor
7.      Threat Spotlight: Emotet Infostealer Malware
8.      Threat Spotlight: Analyzing AZORult Infostealer Malware
9.      Threat Spotlight: Inside VSSDestroy Ransomware
10.   Threat Spotlight: Resurgent Smoke Loader Malware Dissected

Learn more about the BlackBerry Cylance Research and Intelligence Unit HERE.