
Cyber Threat Intelligence
Understand and proactively protect against threat actors targeting you and your peers.
Latest Threat Intelligence
Detecting Microsoft 365 and Azure Active Directory Backdoors
Sep 30, 2020 12 min read
APT38: Details on New North Korean Regime-Backed Threat Group
Oct 03, 2018 5 min read
Privileges and Credentials: Phished at the Request of Counsel
Jun 06, 2017 9 min read
Mandiant Advantage Threat Intelligence
Explore Mandiant frontline research and access exclusive intelligence reports.
Finished Intelligence
APT42: Crooked Charms, Cons, and Compromises
Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.
Available with a free Mandiant Advantage subscription.
Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict
In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…
Available with a free Mandiant Advantage subscription.
EMOTET Distributes New Payment Card Theft Module and Atera Agent Installers
Mandiant observed UNC3443 EMOTET activity distributing a new payment card stealing module targeting Chrome users.
Available with a paid Mandiant Advantage Threat Intelligence subscription.
Active Threat Actors
APT41
APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.
Available with a free Mandiant Advantage subscription.
FIN11
FIN11 is a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns observed amongst our FIN groups to date. Mandiant has observed FIN11 attempt to monetize their operations at least once using named point-of-sale (POS) malware and more frequently using CLOP ransomware combined with traditional extortion.
Available with a free Mandiant Advantage subscription.
UNC1543
UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.
Available with a paid Mandiant Advantage Threat Intelligence subscription.

Why Mandiant Threat Intelligence?
Get critical insights into the latest relevant threats as Mandiant blends open-source data with proprietary frontline observations.
Protection Guides
Making threat intelligence actionable is critical to cyber defense. Our detailed guides help you understand and apply threat intelligence.
Proactive Preparation and Hardening to Prevent Against Destructive Attacks
Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.
Ransomware Protection and Containment Strategies
Practical guidance for endpoint protection, hardening and containment.
Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks
This paper provides recommendations to protect Linux endpoints from adversarial abuse.
You Might Also Be Interested In
Mandiant Cyber Security Forecast 2023
Inform your cyber security strategy for 2023 with insights from Mandiant leaders and experts.
Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29
Learn how to proactively harden and remediate your environments against attack techniques used by APT29.
The Defender’s Advantage Cyber Snapshot
Get insights into today’s top cyber defense topics based on Mandiant frontline, real-world experience.
Global Perspectives on Threat Intelligence Report from Mandiant
Learn the key challenges facing cyber security decision-makers from organizations around the world and key actions required to solidify your cyber readiness. Get the Global Perspectives on Threat Intelligence report today.
