As the Flare-On 8 Challenge concludes, we provide the solutions and provide stats on the finishers, where were the most we've ever had. 

Mandiant Intelligence releases a comprehensive report detailing FIN12, an aggressive, financially motivated threat actor behind prolific ransomware attacks since at least October 2018.

Today, Mandiant disclosed a critical risk vulnerability in coordination with the  Cybersecurity and Infrastructure Security Agency  (“CISA”) that affects millions of IoT devices that use the  ThroughTek “Kalay”  network. This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.

On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users.

On June 27, 2017, multiple organizations – many in Europe – reported  significant disruptions  they are attributing to a variant of the Petya ransomware, which we are calling “EternalPetya”. The malware was initially distributed through a compromised software update system and then self-propagated through stolen credentials and SMB exploits, including the  EternalBlue exploit  used in the  WannaCry  attack from May 2017.