AT&T Cybersecurity Spin‑Off LevelBlue Discovers ‘Squidloader’ Malware Loader » Dallas Innovates
At a cybersecurity conference in San Francisco last month, the launch of a new company with deep Dallas DNA was announced. LevelBlue, a managed cybersecurity services business, was introduced as a joint venture of Dallas-based AT&T and Chicago-based WillJam Ventures. A month later, Dallas-based LevelBlue is identifying new global threats as it makes its mark via cybersecurity consulting, threat intelligence, and continuous security operations center (SOC) support.
Based in Dallas, LevelBlue launched as something of a spin-off of AT&T’s own AT&T Cybersecurity division—which is why the new entity already has a deep bench of more than 1,000 employees globally. AT&T said it has retained a minority ownership stake and board representation in the new entity.
“LevelBlue’s advanced cybersecurity capabilities, our co-investment with AT&T and our ability to innovate will serve our customers and the industry well now and in the future,” Bob McCullen, chairman and CEO of LevelBlue and managing partner of WillJam Ventures, said in a launch statement last month. “LevelBlue’s comprehensive technology and service portfolio simplifies cybersecurity for the businesses that fuel our global economy. With cyber threats making headlines daily and impacting businesses of all types and sizes, LevelBlue’s experienced team and always-on services make governance, planning, resource allocation, and innovation easier than ever—without sacrificing security.”
As LevelBlue launched, Rick Welday, EVP of AT&T Enterprise Markets, said the standalone joint venture “simultaneously allows us to stay one step ahead of evolving cyber threats and foster innovation in the cybersecurity space.”
Aiming to be a leader ‘on day one’
Chicago-based McCullen—whose private equity firm WillJam Ventures invests in “world-class cybersecurity companies that will become the next generation of leaders in protecting the world’s digital assets”—aimed to hit the ground running with LevelBlue’s launch.
McCullen told IT news site CRN that LevelBlue had launched as one of the largest startups in the cybersecurity industry to date—with “tens of thousands” of customers coming over from AT&T.
“I think of it as an entrepreneurial way to be in a global market as a leader on day one with one of the biggest partners in the world,” he told CRN.
Identifying ‘SquidLoader,’ a new malware loader targeting Chinese speakers
Today, LevelBlue released new research from LevelBlue Labs, the company’s global team of threat researchers and data scientists, “who regularly analyze one of the largest collections of threat data in the world.”
The team has identified a new malware loader called “SquidLoader.” Delivered via phishing attachments in emails, SquidLoader was first discovered in late April, when the team found it was using “several advanced techniques to avoid being statically or dynamically analyzed for at least a month.” The final payload is something called a “Cobalt Strike” sample.
This same threat actor has been mainly targeting Chinese-speaking victims sporadically over the past two years, LevelBlue Labs assessed.
“The SquidLoader sample makes a clear effort to avoid detection, as well as static and dynamic analysis,” Fernando Dominguez, principal security researcher at LevelBlue Labs, said in a statement. “We don’t have enough findings to classify this threat actor as an advanced persistent threat (APT), but the techniques being observed by SquidLoader are those that are typically used by a persistent APT.”
How can organizations protect themselves against SquidLoader? LevelBlue advises them to use “increased vigilance against phishing attempts, including not opening attachments or clicking links from untrusted senders. They should always check that a sender is trusted, who they say they are, and that the communication is expected, especially if there is an attachment in the correspondence.”
To spot threats like these, LevelBlue says its threat researchers have “unrivaled visibility into the global threat landscape through insight from analysts at four global Security Operations Center locations and three global Network Operation Centers operated 24 hours per day and 365 days per year.”
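The advice above (verify the sender's domain, distrust unexpected attachments) can be turned into a simple mail-gateway triage check. The following Python script is an added illustration and is not LevelBlue's code or part of its SquidLoader report; the trusted domains, the risky-extension list and the two sample messages are constructed for the example, and the heuristics (untrusted sender domain, a display name that embeds a different address, and executable-style attachments) are generic phishing indicators rather than SquidLoader-specific detections.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Domains this organization treats as trusted senders (constructed for the example).
TRUSTED_DOMAINS = {"example.com", "partner.example"}

# Extensions that loaders delivered by phishing commonly use; illustrative list,
# not taken from the LevelBlue report.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".zip"}


def _domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_message(raw: str) -> list[tuple[str, str]]:
    """Apply the sender and attachment checks to one raw RFC 5322 message.

    Returns a list of (finding_code, detail) tuples; an empty list means
    nothing in the message tripped a heuristic.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[tuple[str, str]] = []

    display_name, address = parseaddr(str(msg.get("From", "")))
    sender_domain = _domain_of(address)

    # 1. Is the actual sending domain one we trust?
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(("untrusted_domain", sender_domain or "<none>"))

    # 2. Does the display name embed an address whose domain differs from the
    #    real sender?  A classic lure: the name looks internal, the address is not.
    if "@" in display_name:
        name_domain = display_name.lower().rsplit("@", 1)[-1].strip(' "<>')
        if name_domain != sender_domain:
            findings.append(("display_name_mismatch", name_domain))

    # 3. Flag attachments with executable-style extensions.
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ext = os.path.splitext(filename)[1].lower()
        if ext in RISKY_EXTENSIONS:
            findings.append(("risky_attachment", filename))

    return findings


def is_suspicious(raw: str) -> bool:
    """True when any heuristic fired; a gateway would quarantine for review."""
    return bool(assess_message(raw))


# Constructed sample: untrusted domain, spoofed display name, .exe attachment.
SAMPLE_PHISH = """\
From: "Accounts Payable <ap@example.com>" <billing@mail-example.test>
To: user@example.com
Subject: Invoice attached
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAE
--b1--
"""

# Constructed sample: trusted sender, no attachment.
SAMPLE_BENIGN = """\
From: Jane Doe <jane@example.com>
To: user@example.com
Subject: Lunch
Content-Type: text/plain

See you at noon.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, "->", assess_message(sample))
```

The checks are deliberately coarse: a gateway using them would route hits to an analyst queue rather than block outright, and the trusted-domain set would come from the organization's directory rather than a hard-coded constant.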
‘The most timely and tactical threat intelligence’
LevelBlue President Sundhar Annamalai—who held roles at AT&T for over 18 years and served as president and CTO of AT&T Cybersecurity from 2022 through last month’s LevelBlue spinout—said LevelBlue Labs’ SquidLoader research “is yet another example of our team providing the most timely and tactical threat intelligence on the market today.”
“Our continuously updated, integrated threat intelligence helps cybersecurity teams quickly prioritize and address the most critical threats targeting their business—ultimately minimizing noise, false alarms, and burnout,” Annamalai added in a statement.
For more information about SquidLoader, you can visit LevelBlue’s blog post.