Targeted Attacks Leveraging Domain Credentials

Number: AL14-031
Date: 29 July 2014


The purpose of this Alert is to bring attention to targeted attacks using compromised domain credentials.


CCIRC has received a report of advanced persistent threat (APT) activity in ongoing targeted attacks using compromised domain credentials.

The apparent objective of this activity is the theft of intellectual property, trade secrets, and other sensitive business information. Although this activity appears to be limited at the time of writing, it is important to note that this type of attack is highly adaptable and can be used to target various critical infrastructure industries.

Suggested action


  1. CCIRC's TR11-001 Malware Infection Recovery Guide

  2. CCIRC's TR11-002 Mitigation Guidelines for Advanced Persistent Threats

  3. Top 4 Strategies to Mitigate Targeted Cyber Intrusions

  4. CSEC Top 35 Mitigation Measures - Guidance for the Government of Canada

  5. FireEye Blog, New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks

  6. FireEye Blog, Clandestine Fox, Part Deux

  7. CCIRC Advisory AV14-024 - Microsoft Security Bulletin Release (Out of Band) – Security Update for Internet Explorer (2965111)

  8. CCIRC Alert AL14-029 - Vulnerability in Internet Explorer Could Allow Remote Code Execution

  9. Microsoft - Security Advisory 2953095: recommendation to stay protected and for detections

  10. Microsoft Security Bulletin MS14-021 - Critical

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
