Many people are hearing the term UNC for the first time after we published details of a threat group we refer to as  UNC2452 . “UNC” groups—or “uncategorized” groups—are raw attribution analysis that we previously kept primarily in house. We recently began rolling out UNC information to  Mandiant Advantage  customers because we want to give users direct access to source materials and raw analysis that Mandiant experts use to write intelligence, respond to breaches, and defend our clients. In light of recent events, we want to provide some more details to the greater public on the UNC designation.

COVID-19 has had enormous effects on our society and economy, but its effects on the cyber threat landscape remain limited.

Threat actors are interested in, and beginning to use, AI capabilities to facilitate a variety of malicious activity, but use remains limited.

FireEye recently identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.

Active Directory Certificate Services is a prime target for attacks, so our guidance will help you defend against them.

The hospitality sector is being actively targeted in a campaign that FireEye attributes with moderate confidence to APT28.

ThreatPursuit VM is a fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting.