Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.

Available with a free Mandiant Advantage subscription.

Access the Report

Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict

In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…

Available with a free Mandiant Advantage subscription.

Access the Report

EMOTET Distributes New Payment Card Theft Module and Atera Agent Installers

Mandiant observed UNC3443 EMOTET activity distributing a new payment card stealing module targeting Chrome users.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Active Threat Actors

APT41

APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.

Available with a free Mandiant Advantage subscription.

Access the Report

FIN11

FIN11 is a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns observed amongst our FIN groups to date. Mandiant has observed FIN11 attempt to monetize their operations at least once using named point-of-sale (POS) malware and more frequently using CLOP ransomware combined with traditional extortion.

Available with a free Mandiant Advantage subscription.

Access the Report

UNC1543

UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Male with Phone and Threat Intelligence on Monitor

Why Mandiant Threat Intelligence?

Get critical insights into the latest relevant threats as Mandiant blends open-source data with proprietary frontline observations.

Learn More

Protection Guides

Making threat intelligence actionable is critical to cyber defense. Our detailed guides help you understand and apply threat intelligence.

Proactive Preparation and Hardening to Prevent Against Destructive Attacks

Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.

Learn More

Ransomware Protection and Containment Strategies

Practical guidance for endpoint protection, hardening and containment.

Learn More

Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks

This paper provides recommendations to protect Linux endpoints from adversarial abuse.

Learn More

You Might Also Be Interested In

Better Together: The Benefits of Integrating Cyber Threat Intelligence and Risk Management

Best practices for CTI and risk professionals to work together. Improving collaboration begins with building mutual understanding.

Read the Report

Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29

Learn how to proactively harden and remediate your environments against attack techniques used by APT29.

Read the Report

The Defender’s Advantage Cyber Snapshot

Get insights into today’s top cyber defense topics based on Mandiant frontline, real-world experience.

Read the Report

Global Perspectives on Threat Intelligence Report from Mandiant

Learn the key challenges facing cyber security decision-makers from organizations around the world and key actions required to solidify your cyber readiness. Get the Global Perspectives on Threat Intelligence report today.

Read The Report

Watch the Webinar

Register today for free access to Mandiant Threat Intelligence

Get Started

Mandiant Advantage

Mandiant Solutions

Mandiant Services

Cyber Threat Intelligence

Resource Center

Company

Cyber Threat Intelligence

Latest Threat Intelligence

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

Data Protection Best Practices

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

AI and the Five Phases of the Threat Intelligence Lifecycle

Threat Actors are Interested in Generative AI, but Use Remains Limited

Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)

Threat Trends: The Implications of the MOVEit Compromise

August 2023 Threat Horizons Report Provides Cloud-Focused Cybersecurity Insights and Recommendations

Google Named a Leader in the External Threat Intelligence Service Forrester Wave™

KillNet Showcases New Capabilities While Repeating Older Tactics

Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

AI and Cybersecurity: How Mandiant Consultants and Analysts are Leveraging AI Today

A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

A Requirements-Driven Approach to Cyber Threat Intelligence

The Defender’s Advantage Cyber Snapshot

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

Manufacturing and Supply Chains: Threat Actors, Disruptions and Countermeasures

APT42: Crooked Charms, Cons, and Compromises | Webinar

Threat Trends: Metador, Mercenaries, and LABScon with SentinelOne

Leveraging the MITRE ATT&CK Framework to Operationalize Threat Intelligence

Hacktivists Collaborate with GRU-sponsored APT28

Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers

Frontline Stories: Introducing Mandiant Digital Risk Protection

To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions

Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

INDUSTROYER.V2: Old Malware Learns New Tricks

INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems

Proactive Security for Operational Technology and Critical Infrastructure

Get Ready for the Next Zero Day: Planning for the Unknown

Research Findings: 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Data

1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information

Anticipating Cyber Threats as the Ukraine Crisis Escalates

Anticipating and Preparing for Russian Cyber Activity

Mandiant Intelligence Briefing: Stories Directly From The Frontline

Cyber Tech Live India: Rapid Response to Cyber Security Headlines

IDC MarketScape: Worldwide Incident Readiness Services 2021 Report

Road to Security Predictions 2022 with Sandra Joyce, Mandiant's EVP, Global Intel & Advanced Practices

Flare-On 8 Challenge Solutions

Portable Executable File Infecting Malware Is Increasingly Found in OT Networks

Spooky RYUKy 3: The Final Chapter

Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets

The Value of Context: Using Cyber Threat Intelligence to Increase Security Effectiveness

The Perfect Cyber Security Storm of 2020: Contributing factors and Strategies to Reduce Future Risk

Considerations for Evolving to Intelligence-Led Security Ebook

Navigating the UNC2452 Intrusion Campaign

M-trends 2021: Insights into Today’s Top Cyber Trends and Attacks

Threat Intelligence: Threat Actors, Their Tactics & Their Targets

IDC The Voice of the Analysts: IMPROVING SECURITY OPERATIONS CENTER PROCESSES THROUGH ADVANCED TECHNOLOGIES

The Forrester Wave: External Threat Intelligence Services, Q1 2021

Mandiant Security Predictions 2021 Report

Global Manufacturer Addresses Potential Gaps in Security Posture with Mandiant Cyber Defense Operations

Uncategorized (UNC) Threat Groups

Advanced Persistent Threats (APTs)

What is Ransomware?

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

They Come in the Night: Emerging Ransomware Trends

LEVIATHAN: COMMAND AND CONTROL COMMUNICATIONS ON PLANET EARTH

Investigating PowerShell Attacks

Supply chain analysis: From Quartermaster to Sunshop

Operation Saffron Rose

DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry

Hacking the street? FIN4 likely playing the market

VS21 Fantastic Intelligence Use Cases and Where To Find Them

VS21 How to Proactively Prepare to Defend Against Threats that Matter

Threat Intel Drives Effective Vulnerability Management

Closing the Backdoor: Reverse Engineering SUNBURST