Hero banner Mwise

Cyber Threat Intelligence

Understand and proactively protect against threat actors targeting you and your peers.

Latest Threat Intelligence

The Defender’s Advantage Cyber Snapshot

Blog

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform

Oct 10, 2022 14 min read
WEBINAR

Manufacturing and Supply Chains: Threat Actors, Disruptions and Countermeasures

Sep 20, 2022 39 Min
WEBINAR

APT42: Crooked Charms, Cons, and Compromises | Webinar

Sep 27, 2022 60 Min
Podcast

Threat Trends: Metador, Mercenaries, and LABScon with SentinelOne

Sep 29, 2022 1 min read
WEBINAR

Leveraging the MITRE ATT&CK Framework to Operationalize Threat Intelligence

Sep 21, 2022 60 Min
Blog

GRU: Rise of the (Telegram) MinIOns

Sep 23, 2022 9 min read
Blog

Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers

Jul 26, 2022 11 min read
Podcast

Frontline Stories: Introducing Mandiant Digital Risk Protection

Jun 07, 2022 1 min read
Blog

To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions

Jun 02, 2022 17 min read
Blog

Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework

May 23, 2022 4 min read
Blog

INDUSTROYER.V2: Old Malware Learns New Tricks

Apr 25, 2022 14 min read
Blog

INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems

Apr 13, 2022 15 min read
Blog

Proactive Security for Operational Technology | Blog

Apr 11, 2022 9 min read
Webinar

Get Ready for the Next Zero Day: Planning for the Unknown

Apr 07, 2022 41 Min
WEBINAR

Research Findings: 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Data

Mar 09, 2022 51 Min
Blog

1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information

Jan 31, 2022 10 min read
Blog

Anticipating Cyber Threats as the Ukraine Crisis Escalates

Jan 20, 2022 6 min read
Webinar

Anticipating and Preparing for Russian Cyber Activity

Jan 20, 2022 73 Min
Webinar

Mandiant Intelligence Briefing: Stories Directly From The Frontline

Nov 18, 2021 30 Min
Webinar

Cyber Tech Live India: Rapid Response to Cyber Security Headlines

Nov 17, 2021 48 Min
Blog

Road to Security Predictions 2022 with Sandra Joyce, Mandiant's EVP, Global Intel & Advanced Practices

Oct 26, 2021 2 min read
Blog

Flare-On 8 Challenge Solutions

Oct 22, 2021 2 min read
Blog

Portable Executable File Infecting Malware Is Increasingly Found in OT Networks

Oct 27, 2021 9 min read
Webinar

Spooky RYUKy 3: The Final Chapter

Oct 21, 2021 39 Min
Blog

Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware

Oct 20, 2021 10 min read
Blog

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

Oct 12, 2021 23 min read
Blog

FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets

Oct 07, 2021 9 min read
CUSTOMER STORY

Global Manufacturer Addresses Potential Gaps in Security Posture with Mandiant Cyber Defense Operations

Oct 10, 2022 3 min read
Insight

Uncategorized (UNC) Threat Groups

4 min read
Insight

Advanced Persistent Threats (APTs)

25 min read
Insight

What is Ransomware?

2 min read
Threat Research

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Oct 28, 2020 11 min read
Webinar

They Come in the Night: Emerging Ransomware Trends

Mar 31, 2021 56 Min
Webinar

VS21 Fantastic Intelligence Use Cases and Where To Find Them

Apr 13, 2021 44 Min
Webinar

VS21 How to Proactively Prepare to Defend Against Threats that Matter

Apr 12, 2021 48 Min
Webinar

Threat Intel Drives Effective Vulnerability Management

Apr 30, 2020 56 Min
Webinar

VS21 The Top Cyber Trends and Attacks: A First Look at M-Trends 2021

Apr 12, 2021 57 Min
Webinar

A Global Reset: Cyber Security Predictions 2021

Jan 20, 2021 45 Min
Webinar

VS21 On the Defensive: Shaping Your Cyber Strategy in the Wake of UNC2452

Apr 13, 2021 42 Min
Webinar

UNC2452: What We Know So Far

Jan 11, 2021 56 Min
Webinar

Ransomware: Attackers' top choice for cyber extortion

Mar 03, 2021 60 Min
Webinar

Operationalizing Cyber Threat Intel

Feb 10, 2020 46 Min
Webinar

Mandiant Front Lines: The Latest on Exchange Exploits

Mar 17, 2020 45 Min
Podcast

An Inside Look into How Reddit Fights Cyber Threats

Mar 15, 2021 1 min read
Podcast

The "Big Four": Spotlight on China

Mar 23, 2021 2 min read
Podcast

The "Big Four": Spotlight on Russia

Apr 11, 2021 2 min read
Podcast

The Making of an M-Trends Report

Apr 21, 2021 2 min read
Podcast

Low Sophistication Threat Actors Continue to Target OT

Jun 09, 2021 1 min read
Podcast

Filling the CTI Skills Gap with Mandiant On-Demand Cyber Intelligence Training

Jun 14, 2021 1 min read
Podcasts

Fostering CTI Development with Mandiant Intelligence Services

Jul 12, 2021 1 min read
Webinar

Closing the Backdoor: Reverse Engineering SUNBURST

Apr 04, 2021 60 Min
Webinar

Perpsecitve on Iranian Attacks & Practical Mitigations

Jan 12, 2021 49 Min
Webinar

M-Trends 2020: Insights into Today’s Cyber Attacks

Mar 12, 2020 72 Min
Webinar

Proactive Solutions to Stop Modern Ransomware in its Tracks

Jun 08, 2020 57 Min
Webinar

Considerations for Evolving to Intelligence-Led Security

Apr 23, 2021 38 Min
Webinar

The Road Ahead: Cyber Security in 2020 and Beyond

Nov 21, 2019 54 Min
Webinar

Threat Intelligence as a Business Enabler

Jun 09, 2020 56 Min
Webinar

VS21 Malware Maelstrom: Guarding Against the Return of APT10 and its Subsets

Apr 12, 2021 45 Min
Webinar

VS21 Fireside Chat with the Head of Mandiant Intelligence: Sandra Joyce

Apr 12, 2021 52 Min
Threat Intelligence presentation

Mandiant Advantage Threat Intelligence

Explore Mandiant frontline research and access exclusive intelligence reports.

Finished Intelligence

APT42: Crooked Charms, Cons, and Compromises

Mandiant assesses with high confidence that APT42 is an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.

Available with a free Mandiant Advantage subscription.

Access the Report

Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict

In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…

Available with a free Mandiant Advantage subscription.

Access the Report

EMOTET Distributes New Payment Card Theft Module and Atera Agent Installers

Mandiant observed UNC3443 EMOTET activity distributing a new payment card stealing module targeting Chrome users.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Active Threat Actors

APT41

APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.

Available with a free Mandiant Advantage subscription.

Access the Report

FIN11

FIN11 is a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns observed amongst our FIN groups to date. Mandiant has observed FIN11 attempt to monetize their operations at least once using named point-of-sale (POS) malware and more frequently using CLOP ransomware combined with traditional extortion.

Available with a free Mandiant Advantage subscription.

Access the Report

UNC1543

UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.

Available with a paid Mandiant Advantage Threat Intelligence subscription.

Access the Report

Male with Phone and Threat Intelligence on Monitor

Why Mandiant Threat Intelligence?

Get critical insights into the latest relevant threats as Mandiant blends open-source data with proprietary frontline observations.

Learn More

Protection Guides

Making threat intelligence actionable is critical to cyber defense. Our detailed guides help you understand and apply threat intelligence.

Proactive Preparation and Hardening to Prevent Against Destructive Attacks

Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.

Ransomware Protection and Containment Strategies

Practical guidance for endpoint protection, hardening and containment.

Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks

This paper provides recommendations to protect Linux endpoints from adversarial abuse. 

You Might Also Be Interested In

Mandiant Cyber Security Forecast 2023

Inform your cyber security strategy for 2023 with insights from Mandiant leaders and experts.

Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29

Learn how to proactively harden and remediate your environments against attack techniques used by APT29.

The Defender’s Advantage Cyber Snapshot

Get insights into today’s top cyber defense topics based on Mandiant frontline, real-world experience.

Global Perspectives on Threat Intelligence Report from Mandiant

Learn the key challenges facing cyber security decision-makers from organizations around the world and key actions required to solidify your cyber readiness. Get the Global Perspectives on Threat Intelligence report today.

Read The Report

 

Watch the Webinar

 

Global Perspective Threat Intelligence

Register today for free access to Mandiant Threat Intelligence