Trending Evil: Spotlight on Mandiant MDR Prevention of Destructive Campaigns Against Ukrainian Entities
In this edition we provide an inside look at how Managed Defense protected Ukrainian entities after rolling out additional protective measures for customers, our observations of APT41, and a breakdown of web-based attacks:
- Disrupting Russian Attacks: In anticipation of continued Russian cyber attacks in support of its invasion of Ukraine, Managed Defense enhanced monitoring and threat hunting services for customers beginning in February 2022. This led to the prevention of multiple destructive attacks, including a spear phishing campaign distributing a downloader attributed to APT29, and an attempted Microsoft Exchange Server exploitation that Mandiant associates with moderate confidence with the Russian cyber espionage actor APT28.
- Monitoring APT41: Managed Defense observed the prolific Chinese state-sponsored espionage group APT41 targeting state governments and exploiting internet-facing web applications containing zero-day vulnerabilities, including the infamous zero-day in Log4j (CVE-2021-44228).
- Notable Web-based Threats: From January 2022 to March 2022, an increased number of Managed Defense investigations involved web-based threats, including browser credential harvesting and cases in which victims were redirected to download malicious archives hosted on file-sharing websites.
Delivered as an online, interactive experience, each Trending Evil report features the most impactful threats observed during the reporting period, along with insights on notable malware families, commonly targeted industries, and relevant tactics, techniques, and procedures.
The first edition of Trending Evil highlighted the lasting impact of Log4Shell and recounted 30+ attack campaigns observed by Managed Defense, including activity from suspected China- and Iran-sponsored state-nexus threat clusters. As 2021 ended, Managed Defense also observed numerous financially motivated attacks that delivered malicious payloads via fake web pages or email phishing campaigns.
The Trending Evil series helps organizations strengthen their security programs, providing teams with defensive actions that can be taken to help keep IT environments a step ahead of the most prevalent threats.
Mandiant Managed Defense is a managed detection and response service that delivers around-the-clock monitoring and event triage, continuous threat hunting to uncover hidden adversaries, and rapid response and remediation to resolve incidents before they impact the organization.
Download the latest edition of Trending Evil now.