The latest edition of our quarterly Trending Evil report discusses Russia, APT41 and web attacks.

New Mandiant research detailing the various IO activities seen by nation-state actors, resulting from the Russian invasion of Ukraine.

Mandiant identified exploitation of public-facing web applications by UNC2903 to harvest and abuse AWS credentials.

We introduce UNC3524, a newly discovered suspected espionage threat actor that to date heavily targets corporate emails.

Mandiant researchers tracked APT29 phishing campaigns targeting diplomatic organizations around the world and identified two new malware families.

Our three-prong framework helps  defenders identify levels of alarm and take appropriate actions in response to cyber threats.

Iteratively annotating functions is one strategy for a malware analyst, but it can be a tedious process.

We analyze a variant of INDUSTROYER, a well-known piece of attack-oriented ICS malware.

Mandiant has gathered sufficient evidence to assess that the actor behind SolarWinds is APT29.

We identified 80 zero-days exploited in the wild in 2021, which is more than we've ever seen in any other year.