Hero banner Mwise

Cyber Threat Intelligence

Understand and proactively protect against threat actors targeting you and your peers.

Latest Threat Intelligence

Blog

Insider Threat: Hunting and Detecting

Nov 16, 2023 14 min read
Blog

The CTI Process Hyperloop: A Practical Implementation of the CTI Process Lifecycle

Nov 14, 2023 9 min read
Report

Google Cloud Cybersecurity Forecast 2024

Nov 08, 2023 1 min read
Blog

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology

Nov 09, 2023 18 min read
Blog

Remediation for Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)

Oct 17, 2023 2 min read
DATASHEET

PROACTIVE SECURITY FOR OPERATIONAL TECHNOLOGY

1 min read
DATASHEET

COMPROMISE ASSESSMENT

1 min read
DATASHEET

ADVANCED INTELLIGENCE ACCESS

1 min read
DATASHEET

PENETRATION TESTING

1 min read
Blog

Mandiant Threat Intelligence Product Updates for October 2023

Oct 13, 2023 2 min read
Blog

Assessed Cyber Structure and Alignments of North Korea in 2023

Oct 10, 2023 19 min read
Blog

Analysis of Time-to-Exploit Trends: 2021-2022

Sep 28, 2023 10 min read
Blog

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

Sep 21, 2023 21 min read
Blog

Data Protection Best Practices

Aug 31, 2023 11 min read
Blog

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

Aug 29, 2023 27 min read
WHITEPAPER

Better Together: The Benefits of Integrating Cyber Threat Intelligence and Risk Management

1 min read
WHITEPAPER

Establishing Resilience Against Edge Device Attacks

1 min read
WHITEPAPER

Security Analyst Case Study: See and Stop Software Supply Chain Compromises

1 min read
Whitepaper

Uncover Operational Technology Threats with Data Collection

1 min read
Webinar

Utilize Threat Intelligence, Establish Command & Control - Webinar Series Part 2

Aug 24, 2023 60 MINS
Blog

AI and the Five Phases of the Threat Intelligence Lifecycle

Aug 24, 2023 7 min read
Blog

Threat Actors are Interested in Generative AI, but Use Remains Limited

Aug 17, 2023 11 min read
Blog

Indicators of Compromise Scanner for Citrix ADC Zero-Day (CVE-2023-3519)

Aug 14, 2023 4 min read
Podcast

Threat Trends: The Implications of the MOVEit Compromise

Aug 07, 2023 1 min read
Blog

August 2023 Threat Horizons Report Provides Cloud-Focused Cybersecurity Insights and Recommendations

Aug 03, 2023 2 min read
Blog

Google Named a Leader in the External Threat Intelligence Service Forrester Wave™

Aug 03, 2023 2 min read
Blog

KillNet Showcases New Capabilities While Repeating Older Tactics

Jul 20, 2023 11 min read
REPORT

The Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023

1 min read
Blog

Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection

Jul 18, 2023 10 min read
Webinar

How to Use Threat Intelligence to Mitigate Third Party Risk

Jul 08, 2023 62 MINS
Webinar

Building an Effective Cyber Threat Intelligence Function

Jul 13, 2023 60 MIN
BLOG

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China

Jun 15, 2023 30 min read
Blog

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

Jun 13, 2023 15 min read
INFOGRAPHICS

M-Trends 2023: Infographic

1 min read
BLOG

AI and Cybersecurity: How Mandiant Consultants and Analysts are Leveraging AI Today

Jun 08, 2023 11 min read
BLOG

A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program

Jun 06, 2023 4 min read
BLOG

Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft

Jun 02, 2023 9 min read
Blog

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

May 25, 2023 12 min read
Report

A Requirements-Driven Approach to Cyber Threat Intelligence

May 18, 2023 1 min read
BLOG

A Requirements-Driven Approach to Cyber Threat Intelligence

May 18, 2023 3 min read
Webinar

M-Trends 2023 Webinar Series

May 24, 2023
DATASHEET

Exposure Management Evaluation Checklist

1 min read
Webinar

APT43: Prolific Cyber Operator Linked to the North Korean Regime

May 04, 2023 60 Min
Webinar

Making cyber-threat intelligence programs effective and impactful

Mar 30, 2023 60 Min
Report

Global Perspectives on Threat Intelligence Report

Feb 13, 2023 1 min read
DATASHEET

Applied Cyber Threat Intelligence

1 min read
Datasheet

Threat Intelligence Capability Development

1 min read
Datasheet

Executive Threat Intelligence Briefings

1 min read
DATASHEET

ThreatSpace Cyber Response Simulation Exercise

1 min read
DATASHEET

Purple Team Assessment

1 min read

The Defender’s Advantage Cyber Snapshot

Blog

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

Oct 10, 2022 14 min read
REPORT

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

2 min read
WEBINAR

Manufacturing and Supply Chains: Threat Actors, Disruptions and Countermeasures

Sep 20, 2022 39 Min
WEBINAR

APT42: Crooked Charms, Cons, and Compromises | Webinar

Sep 27, 2022 60 Min
PODCAST

Threat Trends: Metador, Mercenaries, and LABScon with SentinelOne

Sep 29, 2022 1 min read
Case Study

IT Security Services Supplier Datacom Enhances Security Capabilities with Mandiant

3 min read
WEBINAR

Leveraging the MITRE ATT&CK Framework to Operationalize Threat Intelligence

Sep 21, 2022 60 Min
Blog

Hacktivists Collaborate with GRU-sponsored APT28

Sep 23, 2022 9 min read
Blog

Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers

Jul 26, 2022 11 min read
PODCAST

Frontline Stories: Introducing Mandiant Digital Risk Protection

Jun 07, 2022 1 min read
Blog

To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions

Jun 02, 2022 17 min read
Blog

Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

May 23, 2022 4 min read
Blog

INDUSTROYER.V2: Old Malware Learns New Tricks

Apr 25, 2022 13 min read
Blog

INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems

Apr 13, 2022 15 min read
Blog

Proactive Security for Operational Technology and Critical Infrastructure

Apr 11, 2022 8 min read
Webinar

Get Ready for the Next Zero Day: Planning for the Unknown

Apr 07, 2022 41 Min
WEBINAR

Research Findings: 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Data

Mar 09, 2022 51 Min
Blog

1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information

Jan 31, 2022 10 min read
Blog

Anticipating Cyber Threats as the Ukraine Crisis Escalates

Jan 20, 2022 6 min read
WEBINAR

Anticipating and Preparing for Russian Cyber Activity

Jan 20, 2022 73 Min
Webinar

Mandiant Intelligence Briefing: Stories Directly From The Frontline

Nov 18, 2021 30 Min
Webinar

Cyber Tech Live India: Rapid Response to Cyber Security Headlines

Nov 17, 2021 48 Min
ANALYST REPORT

IDC MarketScape: Worldwide Incident Readiness Services 2021 Report

2 min read
Blog

Road to Security Predictions 2022 with Sandra Joyce, Mandiant's EVP, Global Intel & Advanced Practices

Oct 26, 2021 2 min read
Blog

Flare-On 8 Challenge Solutions

Oct 22, 2021 2 min read
Blog

Portable Executable File Infecting Malware Is Increasingly Found in OT Networks

Oct 27, 2021 9 min read
Webinar

Spooky RYUKy 3: The Final Chapter

Oct 21, 2021 39 Min
Blog

Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware

Oct 20, 2021 10 min read
Blog

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

Oct 12, 2021 23 min read
Blog

FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets

Oct 07, 2021 9 min read
EBOOK

The Value of Context: Using Cyber Threat Intelligence to Increase Security Effectiveness

1 min read
EBOOK

The Perfect Cyber Security Storm of 2020: Contributing factors and Strategies to Reduce Future Risk

1 min read
EBOOK

Considerations for Evolving to Intelligence-Led Security Ebook

1 min read
EBOOK

Navigating the UNC2452 Intrusion Campaign

1 min read
REPORT

M-trends 2021: Insights into Today’s Top Cyber Trends and Attacks

1 min read
EBOOK

Threat Intelligence: Threat Actors, Their Tactics & Their Targets

1 min read
REPORT

IDC The Voice of the Analysts: IMPROVING SECURITY OPERATIONS CENTER PROCESSES THROUGH ADVANCED TECHNOLOGIES

1 min read
REPORT

The Forrester Wave: External Threat Intelligence Services, Q1 2021

2 min read
REPORT

Mandiant Security Predictions 2021 Report

2 min read
CUSTOMER STORY

Global Manufacturer Addresses Potential Gaps in Security Posture with Mandiant Cyber Defense Operations

Oct 10, 2022 3 min read
Insight

Uncategorized (UNC) Threat Groups

4 min read
Insight

Advanced Persistent Threats (APTs)

25 min read
Insight

What is Ransomware?

2 min read
Threat Research

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Oct 28, 2020 11 min read
Webinar

They Come in the Night: Emerging Ransomware Trends

Mar 31, 2021 56 Min
Report

LEVIATHAN: COMMAND AND CONTROL COMMUNICATIONS ON PLANET EARTH

1 min read
Report

Investigating PowerShell Attacks

1 min read
Report

Supply chain analysis: From Quartermaster to Sunshop

1 min read
Report

Operation Saffron Rose

1 min read
Report

DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry

1 min read
Report

Hacking the street? FIN4 likely playing the market

1 min read
Webinar

VS21 Fantastic Intelligence Use Cases and Where To Find Them

Apr 13, 2021 44 Min
Webinar

VS21 How to Proactively Prepare to Defend Against Threats that Matter

Apr 12, 2021 48 Min
Webinar

Threat Intel Drives Effective Vulnerability Management

Apr 30, 2020 56 Min
Webinar

A Global Reset: Cyber Security Predictions 2021

Jan 20, 2021 45 Min
Webinar

VS21 The Top Cyber Trends and Attacks: A First Look at M-Trends 2021

Apr 12, 2021 57 Min
Webinar

UNC2452: What We Know So Far

Jan 11, 2021 56 Min
Webinar

VS21 On the Defensive: Shaping Your Cyber Strategy in the Wake of UNC2452

Apr 13, 2021 42 Min
Webinar

Ransomware: Attackers' top choice for cyber extortion

Mar 03, 2021 60 Min
Webinar

Operationalizing Cyber Threat Intel

Feb 10, 2020 46 Min
Webinar

Mandiant Front Lines: The Latest on Exchange Exploits

Mar 17, 2020 45 Min
PODCAST

Fostering CTI Development with Mandiant Intelligence Services

Jul 12, 2021 1 min read
PODCAST

Filling the CTI Skills Gap with Mandiant On-Demand Cyber Intelligence Training

Jun 14, 2021 1 min read
PODCAST

Low Sophistication Threat Actors Continue to Target OT

Jun 09, 2021 1 min read
PODCAST

The Making of an M-Trends Report

Apr 21, 2021 2 min read
PODCAST

The "Big Four": Spotlight on Russia

Apr 11, 2021 2 min read
PODCAST

The "Big Four": Spotlight on China

Mar 23, 2021 2 min read
PODCAST

An Inside Look into How Reddit Fights Cyber Threats

Mar 15, 2021 1 min read
Webinar

Closing the Backdoor: Reverse Engineering SUNBURST

Apr 04, 2021 60 Min
Webinar

M-Trends 2020: Insights into Today’s Cyber Attacks

Mar 12, 2020 72 Min
Webinar

Perpsecitve on Iranian Attacks & Practical Mitigations

Jan 12, 2021 49 Min
Webinar

Proactive Solutions to Stop Modern Ransomware in its Tracks

Jun 08, 2020 57 Min
Webinar

The Road Ahead: Cyber Security in 2020 and Beyond

Nov 21, 2019 54 Min
Webinar

Considerations for Evolving to Intelligence-Led Security

Apr 23, 2021 38 Min
Webinar

Threat Intelligence as a Business Enabler

Jun 09, 2020 56 Min
Webinar

VS21 Malware Maelstrom: Guarding Against the Return of APT10 and its Subsets

Apr 12, 2021 45 Min
Webinar

VS21 Intelligence-Led Security Validation: A Strategy to Prove & Communicate Competency

Apr 13, 2021 56 Min
Webinar

VS21 Fireside Chat with the Head of Mandiant Intelligence: Sandra Joyce

Apr 12, 2021 52 Min
Webinar

VS21 M-Trends 2021 First Look: The Top Cyber Trends and Attacks Through an EMEA Lens

Apr 15, 2021 47 Min
Webinar

VS21 Cyber Threat Profile: The Centerpiece of Intelligence-Led Programs

Apr 12, 2021 43 Min
Webinar

How to Resolve the Cyber Skills Gap

Jan 22, 2020 18 Min
Webinar

Rethink Cyber Defense Strategies by Starting with Threats

Jun 09, 2020 44 Min
Webinar

Ransomware Trends with a Focus on MAZE

Jun 08, 2020 55 Min
Report

APT30: The Mechanics of a Long-Running Cyber Espionage Operation

1 min read
Report

Red Line Drawn: China recalculates its use of cyber espionage

1 min read
Report

FIN10: Anatomy of a Cyber Extortion Operation

1 min read
Report

NIST: Best Practices in Cyber Security Chain Risk Management

1 min read
Report

IANS Research Survey: Building a Better Budget for Advanced Threat Detection and Prevention

1 min read
Report

The Business Case For Protecting Against Advanced Attacks: Demonstrating ROI to Non-Technical Executives

2 min read
Report

HAMMERTOSS: Stealthy tactics define a Russian cyber threat group

1 min read
Report

HAMMERTOSS: Stealthy tactics define a Russian cyber threat group

1 min read
Report

Forrester: Determine The Business Value Of An Effective Security Program — Information Security Economics 101

1 min read
Report

Definitive Guide to Advanced Threat Protection: Defeating Your Cyber Enemies

1 min read
Report

Suspected Iranian Influence Operation

1 min read
Report

APT38: Un-usual Suspects

1 min read
Report

APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation

1 min read
Threat Research

capa 2.0: Better, Stronger, Faster

Jul 19, 2021 10 min read
Threat Research

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Jun 16, 2021 17 min read
Threat Research

Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

May 27, 2021 19 min read
Threat Research

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

May 25, 2021 7 min read
Threat Research

Shining a Light on DARKSIDE Ransomware Operations | Blog

May 11, 2021 30 min read
Threat Research

The UNC2529 Triple Double: A Trifecta Phishing Campaign

May 04, 2021 25 min read
Threat Research

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

Apr 29, 2021 15 min read
Threat Research

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

Apr 28, 2021 2 min read
Threat Research

Abusing AD FS Replication: Stealing AD FS Secrets Over the Network

Apr 27, 2021 10 min read
Threat Research

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

Apr 20, 2021 12 min read
Threat Research

Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day

Apr 20, 2021 32 min read
Threat Research

Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure

Apr 13, 2021 9 min read
Threat Research

M-Trends 2021: A View From the Front Lines

Apr 13, 2021 3 min read
Threat Research

Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service

Mar 31, 2021 10 min read
Threat Research

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Mar 04, 2021 7 min read
Threat Research

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Mar 04, 2021 9 min read
Threat Research

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Mar 03, 2021 14 min read
Threat Research

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Feb 25, 2021 16 min read
Threat Research

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Feb 22, 2021 12 min read
Threat Research

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

Feb 17, 2021 15 min read
Threat Research

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

Feb 17, 2021 9 min read
Threat Research

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

Jan 26, 2021 5 min read
Threat Research

Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction

Jan 21, 2021 10 min read
Threat Research

Emulation of Kernel Mode Rootkits With Speakeasy

Jan 20, 2021 10 min read
Threat Research

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 | Blog

Jan 19, 2021 5 min read
Threat Research

SUNBURST Additional Technical Details

Dec 24, 2020 18 min read
Threat Research

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor

Dec 13, 2020 16 min read
Threat Research

Unauthorized Access of FireEye Red Team Tools

Dec 08, 2020 3 min read
Threat Research

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Dec 01, 2020 13 min read
Threat Research

Election Cyber Threats in the Asia-Pacific Region

Nov 22, 2020 6 min read
Threat Research

Purgalicious VBA: Macro Obfuscation With VBA Purging

Nov 19, 2020 9 min read
Threat Research

WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques

Nov 09, 2020 18 min read
Threat Research

In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871

Nov 04, 2020 5 min read
Threat Research

Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945

Nov 02, 2020 11 min read
Threat Research

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Oct 28, 2020 22 min read
Threat Research

FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft

Oct 14, 2020 3 min read
Threat Research

Detecting Microsoft 365 and Azure Active Directory Backdoors

Sep 30, 2020 12 min read
Threat Research

A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis

Sep 14, 2020 9 min read
Threat Research

Emulation of Malicious Shellcode With Speakeasy

Aug 26, 2020 15 min read
Threat Research

A Hands-On Introduction to Mandiant's Approach to OT Red Teaming

Aug 25, 2020 12 min read
Threat Research

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

Aug 06, 2020 16 min read
Threat Research

Repurposing Neural Networks to Generate Synthetic Media for Information Operations

Aug 05, 2020 14 min read
Threat Research

Announcing the Seventh Annual Flare-On Challenge

Aug 04, 2020 2 min read
Threat Research

Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates

Jul 30, 2020 16 min read
Threat Research

'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests

Jul 28, 2020 2 min read
Threat Research

capa: Automatically Identify Malware Capabilities

Jul 16, 2020 9 min read
Threat Research

Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families

Jul 15, 2020 11 min read
Threat Research

SCANdalous! (External Detection Using Network Scan Data and Automation)

Jul 13, 2020 9 min read
Threat Research

Using Real-Time Events in Investigations

May 14, 2020 8 min read
Threat Research

Analyzing Dark Crystal RAT, a C# Backdoor

May 12, 2020 19 min read
Threat Research

Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents

May 07, 2020 21 min read
Threat Research

Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya

Apr 28, 2020 10 min read
Threat Research

Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage

Apr 22, 2020 3 min read
Threat Research

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

Apr 13, 2020 6 min read
Threat Research

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One

Apr 06, 2020 5 min read
Threat Research

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

Apr 02, 2020 11 min read
Threat Research

Kerberos Tickets on Linux Red Teams

Apr 01, 2020 11 min read
Threat Research

It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit

Mar 31, 2020 9 min read
Threat Research

This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits

Mar 25, 2020 12 min read
Threat Research

Six Facts about Address Space Layout Randomization on Windows

Mar 17, 2020 17 min read
Threat Research

They Come in the Night: Ransomware Deployment Trends

Mar 16, 2020 7 min read
Threat Research

Crescendo: Real Time Event Viewer for macOS

Mar 09, 2020 3 min read
Threat Research

Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

Feb 24, 2020 10 min read
Threat Research

M-Trends 2020: Insights From the Front Lines

Feb 20, 2020 2 min read
Threat Research

The Missing LNK — Correlating User Search LNK files

Feb 19, 2020 14 min read
Threat Research

"Distinguished Impersonator" Information Operation That Previously Impersonated U.S. Politicians and Journalists on Social Media Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests

Feb 12, 2020 8 min read
Threat Research

STOMP 2 DIS: Brilliance in the (Visual) Basics

Feb 05, 2020 15 min read
Threat Research

DLL Side-loading & Hijacking — Using Threat Intelligence to Weaponize R&D

Jan 31, 2020 11 min read
Threat Research

Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor

Jan 15, 2020 8 min read
Threat Research

SAIGON, the Mysterious Ursnif Fork

Jan 09, 2020 14 min read
Blog

The Mandiant Approach to Operational Technology (OT) Security

Dec 11, 2019 8 min read
Threat Research

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Dec 04, 2019 11 min read
Threat Research

Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel

Dec 03, 2019 11 min read
Threat Research

MESSAGETAP: Who’s Reading Your Text Messages?

Oct 31, 2019 6 min read
Threat Research

Shikata Ga Nai Encoder Still Going Strong

Oct 21, 2019 14 min read
Threat Research

Staying Hidden on the Endpoint: Evading Detection with Shellcode

Oct 10, 2019 10 min read
Threat Research

Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

Oct 10, 2019 11 min read
Threat Research

Head Fake: Tackling Disruptive Ransomware Attacks

Oct 01, 2019 13 min read
Threat Research

The FireEye OT-CSIO: An Ontology to Understand, Cross-Compare, and Assess Operational Technology Cyber Security Incidents

Sep 30, 2019 5 min read
Threat Research

2019 Flare-On Challenge Solutions

Sep 27, 2019 2 min read
Threat Research

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment

Sep 05, 2019 3 min read
Threat Research

SharPersist: Windows Persistence Toolkit in C#

Sep 03, 2019 6 min read
Threat Research

Definitive Dossier of Devilish Debug Details – Part One: PDB Paths and Malware

Aug 29, 2019 30 min read
Threat Research

Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools

Jul 25, 2019 6 min read
Threat Research

APT41: A Dual Espionage and Cyber Crime Operation

Aug 07, 2019 5 min read
Threat Research

Commando VM 2.0: Customization, Containers, and Kali, Oh My!

Aug 07, 2019 7 min read
Threat Research

GAME OVER: Detecting and Stopping an APT41 Operation

Aug 19, 2019 5 min read
Threat Research

Hard Pass: Declining APT34’s Invite to Join Their Professional Network

Jul 18, 2019 10 min read
Threat Research

Hunting COM Objects

Jun 04, 2019 8 min read
Threat Research

CARBANAK Week Part One: A Rare Occurrence

Apr 22, 2019 10 min read
Threat Research

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

Apr 10, 2019 14 min read
Threat Research

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Apr 05, 2019 8 min read
Threat Research

Commando VM: The First of Its Kind Windows Offensive Distribution

Mar 28, 2019 8 min read
Threat Research

Going ATOMIC: Clustering and Associating Attacker Activity at Scale

Mar 12, 2019 9 min read
Threat Research

APT40: Examining a China-Nexus Espionage Actor

Mar 04, 2019 6 min read
Threat Research

APT39: An Iranian Cyber Espionage Group Focused on Personal Information

Jan 29, 2019 5 min read
Threat Research

Bypassing Network Restrictions Through RDP Tunneling

Jan 24, 2019 7 min read
Threat Research

Cryptocurrency and Blockchain Networks: Facing New Security Paradigms

Jan 23, 2019 24 min read
Threat Research

A Nasty Trick: From Credential Theft Malware to Business Disruption

Jan 10, 2019 11 min read
Threat Research

Global DNS Hijacking Campaign: DNS Record Manipulation at Scale

Jan 09, 2019 6 min read
Threat Research

Digging Up the Past: Windows Registry Forensics Revisited

Jan 08, 2019 13 min read
Threat Research

OVERRULED: Containing a Potentially Destructive Adversary

Dec 21, 2018 16 min read
Threat Research

What are Deep Neural Networks Learning About Malware?

Dec 13, 2018 15 min read
Threat Research

Obfuscated Command Line Detection Using Machine Learning

Nov 29, 2018 10 min read
Threat Research

Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign

Nov 19, 2018 10 min read
Threat Research

FLARE VM Update

Nov 14, 2018 5 min read
Threat Research

TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers

Oct 23, 2018 7 min read
Threat Research

2018 Flare-On Challenge Solutions

Oct 05, 2018 2 min read
Threat Research

APT38: Details on New North Korean Regime-Backed Threat Group

Oct 03, 2018 5 min read
Threat Research

Increased Use of a Delphi Packer to Evade Malware Classification

Sep 20, 2018 4 min read
Threat Research

APT10 Targeting Japanese Corporations Using Updated TTPs

Sep 13, 2018 6 min read
Threat Research

Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware

Sep 06, 2018 7 min read
Threat Research

Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East

Aug 21, 2018 4 min read
Threat Research

On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation

Aug 01, 2018 25 min read
Threat Research

Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally

Jul 10, 2018 9 min read
Threat Research

Malicious PowerShell Detection via Machine Learning

Jul 10, 2018 6 min read
Threat Research

Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Jun 18, 2018 7 min read
Threat Research

Reverse Engineering the Analyst: Building Machine Learning Models for the SOC

Jun 05, 2018 15 min read
Threat Research

Shining a Light on OAuth Abuse with PwnAuth

May 21, 2018 7 min read
Threat Research

A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan

May 14, 2018 7 min read
Threat Research

DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques

Mar 22, 2018 2 min read
Threat Research

Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries

Mar 16, 2018 5 min read
Threat Research

Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign

Mar 13, 2018 11 min read
Threat Research

APT37 (Reaper): The Overlooked North Korean Actor

Feb 20, 2018 2 min read
Threat Research

ReelPhish: A Real-Time Two-Factor Phishing Tool

Feb 07, 2018 6 min read
Threat Research

Debugging Complex Malware that Executes Code on the Heap

Jan 04, 2018 12 min read
Threat Research

Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure

Dec 14, 2017 14 min read
Threat Research

New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit

Dec 07, 2017 9 min read
Threat Research

2017 Flare-On Challenge Solutions

Oct 13, 2017 2 min read
Threat Research

Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea

Oct 05, 2017 11 min read
Threat Research

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

Sep 20, 2017 11 min read
Threat Research

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

Sep 12, 2017 4 min read
Threat Research

Monitoring Windows Console Activity (Part 1)

Sep 01, 2017 5 min read
Threat Research

FLARE VM: The Windows Malware Analysis Distribution You’ve Always Needed!

Jul 26, 2017 7 min read
Threat Research

Behind the CARBANAK Backdoor

Jun 12, 2017 14 min read
Threat Research

Privileges and Credentials: Phished at the Request of Counsel

Jun 06, 2017 9 min read
Threat Research

SMB Exploited: WannaCry Use of "EternalBlue"

May 26, 2017 3 min read
Threat Research

WannaCry Malware Profile

May 23, 2017 27 min read
Threat Research

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations

May 14, 2017 11 min read
Threat Research

EPS Processing Zero-Days Exploited by Multiple Threat Actors

May 09, 2017 10 min read
Threat Research

To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence

May 03, 2017 4 min read
Threat Research

FIN7 Evolution and the Phishing LNK

Apr 24, 2017 5 min read
Threat Research

CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

Apr 11, 2017 7 min read
Threat Research

APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat

Apr 06, 2017 5 min read
Threat Research

Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)

Apr 03, 2017 6 min read
Threat Research

Introducing Monitor.app for macOS

Mar 31, 2017 3 min read
Threat Research

APT29 Domain Fronting With TOR

Mar 27, 2017 6 min read
Threat Research

Introduction to Reverse Engineering Cocoa Applications

Mar 08, 2017 10 min read
Threat Research

New Variant of Ploutus ATM Malware Observed in the Wild in Latin America

Jan 11, 2017 8 min read
Threat Research

Hancitor (AKA Chanitor) observed using multiple attack approaches

Sep 23, 2016 5 min read
Threat Research

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Aug 22, 2016 14 min read
Threat Research

WMI vs. WMI: Monitoring for Malicious Activity

Aug 18, 2016 6 min read
Threat Research

FakeNet-NG: Next Generation Dynamic Network Analysis Tool

Aug 03, 2016 6 min read
Threat Research

The Latest Android Overlay Malware Spreading via SMS Phishing in Europe

Jun 28, 2016 14 min read
Threat Research

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Jun 23, 2016 9 min read
Threat Research

Sandworm Team and the Ukrainian Power Authority Attacks

Jan 07, 2016 5 min read
Threat Research

How RTF malware evades static signature-based detection

May 20, 2016 9 min read
Threat Research

Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks

May 11, 2016 4 min read
Threat Research

Deobfuscating Python Bytecode

May 03, 2016 6 min read
Threat Research

China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets

Dec 01, 2015 8 min read
Threat Research

SYNful Knock - A Cisco router implant - Part I

Sep 15, 2015 12 min read
Threat Research

Malware Lateral Movement: A Primer

Aug 11, 2015 5 min read
Threat Research

Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak

Jul 13, 2015 4 min read
Threat Research

Caching Out: The Value of Shimcache for Investigators

Jun 17, 2015 7 min read
Threat Research

Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign

Jun 23, 2015 7 min read
Threat Research

Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack

Apr 18, 2015 7 min read
Threat Research

Microsoft Word Intruder (MWI): A New Word Document Exploit Kit

Apr 01, 2015 14 min read
Threat Research

Operation Double Tap

Nov 21, 2014 5 min read
Threat Research

The FLARE On Challenge Solutions: Part 1 of 2

Nov 17, 2014 12 min read
Threat Research

FLARE IDA Pro Script Series: Generating FLAIR function patterns using IDAPython

Jan 08, 2015 6 min read
Threat Research

APT28 Malware: A Window into Russia's Cyber Espionage Operations?

Oct 27, 2014 2 min read
Threat Research

Darwin’s Favorite APT Group

Sep 03, 2014 7 min read
Threat Research

Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs

Apr 18, 2014 3 min read
Threat Research

DLL Side-Loading: Another Blind-Spot for Anti-Virus

Apr 03, 2014 2 min read
Threat Research

XtremeRAT: Nuisance or Threat?

Feb 19, 2014 11 min read
Threat Research

Tracking Malware with Import Hashing

Jan 23, 2014 9 min read
Threat Research

OpenIOC: Back to the Basics

Oct 01, 2013 5 min read
Threat Research

Evasive Tactics: Taidoor

Sep 06, 2013 5 min read
Threat Research

Did It Execute?

Aug 27, 2013 5 min read
Threat Research

Now You See Me - H-worm by Houdini

Sep 24, 2013 4 min read
Threat Research

Breaking Down the China Chopper Web Shell - Part I

Aug 07, 2013 7 min read
Threat Research

Breaking Down the China Chopper Web Shell - Part II

Aug 09, 2013 6 min read
Threat Research

Malware Callbacks

Apr 23, 2013 3 min read

Mandiant Exposes APT1 – One of China's Cyber Espionage Units & Releases 3,000 Indicators

Feb 19, 2013 3 min read
Threat Research

Using Precalculated String Hashes when Reverse Engineering Shellcode

Nov 29, 2012 6 min read
Threat Research

Tearing up the Windows Registry with python-registry

Jul 21, 2011 7 min read
Threat Research

Reversing Malware Command and Control: From Sockets to COM

Aug 16, 2010 9 min read
Threat Research

Malware Persistence without the Windows Registry

Jul 15, 2010 7 min read
Threat Research

Web Historian: Reloaded

Jun 16, 2010 3 min read
Threat Research

Two-factor Authentication Best Practices: 99 Problems but Two-Factor Ain’t One

Mar 23, 2016 13 min read
Threat Research

Greater Visibility Through PowerShell Logging

Feb 11, 2016 8 min read
Threat Intelligence presentation

Mandiant Advantage Threat Intelligence

Explore Mandiant frontline research and access exclusive intelligence reports.

Finished Intelligence

APT42: Crooked Charms, Cons, and Compromises

Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.

Available with a free Mandiant Advantage subscription.

Access the Report

Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict

In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…

Available with a free Mandiant Advantage subscription.

Access the Report

EMOTET Distributes New Payment Card Theft Module and Atera Agent Installers

Mandiant observed UNC3443 EMOTET activity distributing a new payment card stealing module targeting Chrome users.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Active Threat Actors

APT41

APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.

Available with a free Mandiant Advantage subscription.

Access the Report

FIN11

FIN11 is a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns observed amongst our FIN groups to date. Mandiant has observed FIN11 attempt to monetize their operations at least once using named point-of-sale (POS) malware and more frequently using CLOP ransomware combined with traditional extortion.

Available with a free Mandiant Advantage subscription.

Access the Report

UNC1543

UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Male with Phone and Threat Intelligence on Monitor

Why Mandiant Threat Intelligence?

Get critical insights into the latest relevant threats as Mandiant blends open-source data with proprietary frontline observations.

Learn More

Protection Guides

Making threat intelligence actionable is critical to cyber defense. Our detailed guides help you understand and apply threat intelligence.

Proactive Preparation and Hardening to Prevent Against Destructive Attacks

Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.

Ransomware Protection and Containment Strategies

Practical guidance for endpoint protection, hardening and containment.

Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks

This paper provides recommendations to protect Linux endpoints from adversarial abuse. 

You Might Also Be Interested In

Better Together: The Benefits of Integrating Cyber Threat Intelligence and Risk Management

Best practices for CTI and risk professionals to work together. Improving collaboration begins with building mutual understanding.

Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29

Learn how to proactively harden and remediate your environments against attack techniques used by APT29.

The Defender’s Advantage Cyber Snapshot

Get insights into today’s top cyber defense topics based on Mandiant frontline, real-world experience.

Global Perspectives on Threat Intelligence Report from Mandiant

Learn the key challenges facing cyber security decision-makers from organizations around the world and key actions required to solidify your cyber readiness. Get the Global Perspectives on Threat Intelligence report today.

Read The Report

 

Watch the Webinar

 

Global Perspective Threat Intelligence

Register today for free access to Mandiant Threat Intelligence

Jump To