Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario
Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors …
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its …
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of …
Through the course of our incident response engagements and threat intelligence collections, Mandiant has identified a threat campaign targeting Snowflake customer database instances with the intent of data theft …
Written by: Michelle Cantos, Jamie Collier
Executive Summary
Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and…
Written by: Michael Raggi
Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational …
Written by: Mark Swindle
While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian’s code repository tool, …
The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some …
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety …
Written by: Beleswar Prasad Padhi, Tina Johnson, Michael Bailey, Elliot Chernofsky, Blas Kojusner
FakeNet-NG is a dynamic network analysis tool that captures network requests and simulates network services to aid …
Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom
With Russia’s full-scale invasion in its …
Written by: Jacob Thompson
The Apache XML Security for C++ library, code named xml-security-c, is part of the Apache Santuario project. The library implements the XML Digital Signature and the …
Written by: Andrew Oliveau
Over the last several years, the security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. From extracting network access account (NAA) credentials …
Written by: Alden Wahlstrom, David Mainor, Daniel Kapellmann Zafra
In June 2023, Russian businessman Yevgeniy Prigozhin and his private military company (PMC) “Wagner” carried out an armed mutiny within Russia. …
Written by: Luke Jenkins, Dan Black
Executive Summary
In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure. …
Written by: Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation …
Written by: Aseel Kayal
During the analysis of a banking trojan sample targeting Android smartphones, Mandiant identified the repeated use of a string obfuscation mechanism throughout the application code. To …
Written by: Ofir Rozmann, Chen Evgi, Jonathan Leathery
Today Mandiant is releasing a blog post about suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East …
Written by: Matt Lin, Robert Wallace, Austin Larsen, Ryan Gandrud, Jacob Thompson, Ashley Pearson, Ashley Frazer
Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety …
Written by: Colton Gabertan, Mike Hunhoff, Moritz Raabe, Willi Ballenthin
capa is the FLARE team’s open source tool that detects capabilities in executable files. Ghidra is an open source software …
Written by: Yacine Elhamer, Willi Ballenthin, Moritz Raabe, Mike Hunhoff
We are excited to announce that capa v7.0 now identifies program capabilities from dynamic analysis reports generated via the CAPE …
Written by: Tyler McLellan, John Wolfram, Gabby Roncone, Matt Lin, Robert Wallace, Dimiter Andonov
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue …
Written by: Zach Riddle, Joe Dobson, Lukasz Lamparski, Stephen Eckels
On January 3, 2024, Mandiant’s X social media account was taken over and subsequently used to distribute links to a …