M-unition -

Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure

By on February 21, 2013

It was only a matter of time. Today, Mandiant learned of at least two malicious versions of our APT1 report that attempt to lure users into opening PDF documents titled “Mandiant” and “Mandiant_APT2_Report. We are currently tracking the threat actors behind the activity and have no indication that APT1 itself is associated with either variant.

Symantec  and Brandon Dixon’s 9B+ blog uncovered the two permutations of the report. Hashes for the malicious PDFs are available on their blogs. Thanks to both for posting their findings.

Mandiant has not been compromised. Reports downloaded, previously and currently from our website, do not contain exploits.

We recommend that you only retrieve Mandiant’s reports from: http://intelreport.mandiant.com, then check the hash of the downloaded files against the hashes posted on our web site.

Category: The Suite Spot

Comments

    Leave a Comment

Get M-Unition in Your Inbox:

Follow @mandiant

  • Did APT28, the group likely backed by the Kremlin, use two 0days in an attack we were able to detect and prevent? t.co/r9REiJEcDC

Follow @mandiant on twitter.

MANDIANT WEBINAR


From the Front Lines: It's the End of the Year as We Know It - 2014

Wed, Dec 3, 2014

2014 is drawing to a close, which means it’s time for Mandiant’s annual year-end review.

Join Richard Bejtlich, Chief Security Strategist at FireEye, Kelly Jackson Higgins, Executive Editor at DarkReading and Kristen Verderame, Chief Executive Officer at Pondera International as they share highlights from the past twelve months.

Register Today!

Career Opps @ Mandiant

We’re growing fast, but we’re as demanding as ever. Our clients come to us in their hours of need, so we need the best. That means more than just the right education and the right experience in information security.

As Mandiant continues to grow, we are able to offer certain positions in multiple locations. For details on the location(s) of each opening, please refer to the position descriptions.

Click here to view available positions.