WhatsApp can be forced to decrypt WhatsApp Google Drive backups by state surveillance
The AES-GCM-256 key is stored and generated by WhatsApp server and is sent to the client. When a user signs in to new device, it retrieves the key from the server...
Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure
High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that...
Top 8 Phishing Attacks of 2021
Top 8 Phishing Attacks of 2021 (Q1) and Advice for SMBs and MSPs
To wrap up the 1st Quarter of 2021 the CEO at HacWare, Tiffany Ricks, wanted to recap...
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in...
Bad Bots – How To Fight Them and What Are They
Author: Asim Rahal
Bad internet bot traffic rose by 18.1% in 2019, and it now accounts for nearly one-quarter of all internet traffic
The figure above, which comes from Imperva’s 2020 Bad...
M-Trends 2021: A View From the Front Lines
We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of...
Abusing Replication: Stealing AD FS Secrets Over the Network
Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on...
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction...
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other...
The UNC2529 Triple Double: A Trifecta Phishing Campaign
In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable...