M-unition -

Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure

By on February 21, 2013

It was only a matter of time. Today, Mandiant learned of at least two malicious versions of our APT1 report that attempt to lure users into opening PDF documents titled “Mandiant” and “Mandiant_APT2_Report. We are currently tracking the threat actors behind the activity and have no indication that APT1 itself is associated with either variant.

Symantec  and Brandon Dixon’s 9B+ blog uncovered the two permutations of the report. Hashes for the malicious PDFs are available on their blogs. Thanks to both for posting their findings.

Mandiant has not been compromised. Reports downloaded, previously and currently from our website, do not contain exploits.

We recommend that you only retrieve Mandiant’s reports from: http://intelreport.mandiant.com, then check the hash of the downloaded files against the hashes posted on our web site.

Category: The Suite Spot

Comments

    Leave a Comment

Get M-Unition in Your Inbox:

Follow @mandiant

Follow @mandiant on twitter.

Career Opps @ Mandiant

We’re growing fast, but we’re as demanding as ever. Our clients come to us in their hours of need, so we need the best. That means more than just the right education and the right experience in information security.

As Mandiant continues to grow, we are able to offer certain positions in multiple locations. For details on the location(s) of each opening, please refer to the position descriptions.

Click here to view available positions.