Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in...
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction...
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
Executive Summary
Mandiant recently responded to multiple security incidents involving compromises of Pulse Secure VPN appliances.
This blog post examines multiple, related techniques for bypassing single and multifactor authentication on Pulse...
Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure
High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that...
M-Trends 2021: A View From the Front Lines
We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of...
A deep dive into Saint Bot, a new downloader
Saint Bot is a downloader that has been used to drop stealers. We take a deep look at it and its accompanying panel.
This post was authored by Hasherezade...
Apple developers targeted by malicious Xcode project
By: Steve Zurier
Researchers reported Thursday...
CopperStealer malware infected up to 5,000 hosts per day over first three months of...
By: Steve Zurier
Researchers disrupted a...
Video game cheat mod malware demonstrates risks of unlicensed software
By: Derek B. Johnson
They say cheaters never prosper, and new security research indicates that malicious hackers are...
Aurora campaign: Attacking Azerbaijan using multiple RATs
We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.
This post was authored by Hossein Jazi
As tensions between Azerbaijan and...