Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure
It was only a matter of time. Today, Mandiant learned of at least two malicious versions of our APT1 report that attempt to lure users into opening PDF documents titled “Mandiant” and “Mandiant_APT2_Report.” We are currently tracking the threat actors behind the activity and have no indication that APT1 itself is associated with either variant.
Mandiant has not been compromised. Reports downloaded, previously and currently from our website, do not contain exploits.
We recommend that you only retrieve Mandiant’s reports from: http://intelreport.mandiant.com, then check the hash of the downloaded files against the hashes posted on our web site.