Malware Threats


Review Current Cyber Threats & Learn How To Protect Computers, Servers & Cloud Workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent Cyber Attacks. The latest malware and APT information.

Credential-stealing malware disguises itself as Telegram, targets social media users

Spyware.FFDroider is an information stealer that exfiltrates browser data in an attempt to steal credentials and valid session cookies. A credential-stealing Windows-based malware, Spyware.FFDroider, is after social media credentials...

Don’t let scammers ruin your Valentine’s Day

No matter the occasion, you can always count on scammers to show up. Today is Valentine’s Day, so we thought we’d show you how cybercriminals use special times...

SolarWinds attackers launch new campaign

The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks. Nobelium is a synthetic chemical element with...

This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered

July 21, 2021 | By Chris Caridi co-authored by Allison Wikoff | 8 min read Ransomware attacks are topping the charts as the most common attack type to target organizations with a constant drumbeat of attacks impacting industries...

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

June 16, 2021 | by Tyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce ...

The UNC2529 Triple Double: A Trifecta Phishing Campaign

In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable...

UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat

Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being available and deploying sophisticated malware previously reported by other...

Abusing Replication: Stealing AD FS Secrets Over the Network

Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on...

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in...

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited in the wild. These vulnerabilities were executed in conjunction...