Cyber Threat Intelligence

Understand and proactively protect against threat actors targeting you and your peers.

Mandiant Advantage Threat Intelligence

Explore Mandiant frontline research and access exclusive intelligence reports.

Finished Intelligence

APT42: Crooked Charms, Cons, and Compromises

Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.

Available with a free Mandiant Advantage subscription.

Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict

In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…

Available with a free Mandiant Advantage subscription.

EMOTET Distributes New Payment Card Theft Module and Atera Agent Installers

Mandiant observed UNC3443 EMOTET activity distributing a new payment card stealing module targeting Chrome users.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Active Threat Actors

APT41

APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.

Available with a free Mandiant Advantage subscription.

FIN11

FIN11 is a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns observed amongst our FIN groups to date. Mandiant has observed FIN11 attempt to monetize their operations at least once using named point-of-sale (POS) malware and more frequently using CLOP ransomware combined with traditional extortion.

Available with a free Mandiant Advantage subscription.

UNC1543

UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Why Mandiant Threat Intelligence?

Get critical insights into the latest relevant threats as Mandiant blends open-source data with proprietary frontline observations.

Protection Guides

Making threat intelligence actionable is critical to cyber defense. Our detailed guides help you understand and apply threat intelligence.

Proactive Preparation and Hardening to Prevent Against Destructive Attacks

Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.

Ransomware Protection and Containment Strategies

Practical guidance for endpoint protection, hardening and containment.

Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks

This paper provides recommendations to protect Linux endpoints from adversarial abuse. 

You Might Also Be Interested In

Mandiant Cyber Security Forecast 2023

Inform your cyber security strategy for 2023 with insights from Mandiant leaders and experts.

Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29

Learn how to proactively harden and remediate your environments against attack techniques used by APT29.

The Defender’s Advantage Cyber Snapshot

Get insights into today’s top cyber defense topics based on Mandiant frontline, real-world experience.

Register today for free access to Mandiant Threat Intelligence