Written by: Ofir Rozmann, Asli Koksal, Sarah Bock Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in…
Category: Threat Intelligence
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware
Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…
“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
Written by: Nick McClendon, Daniel McNamara, Jacob Paullus < div class=”block-paragraph_advanced”> Executive Summary Mandiant disclosed this vulnerability to Microsoft via the Microsoft Security Response Center (MSRC) vulnerability disclosure program, and Microsoft has fixed the underlying issue. An attacker with…
Hacking Beyond .com — Enumerating Private TLDs
Written by: Idan Ron < div class=”block-paragraph_advanced”> Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates…
Hacking Beyond.com — Enumerating Private TLDs
Written by: Idan Ron < div class=”block-paragraph_advanced”> Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates…
UNC4393 Goes Gently into the SILENTNIGHT
Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong Overview In mid-2022, Mandiant’s Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant’s…
APT45: North Korea’s Digital Military Machine
Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart Executive Summary APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45 has gradually expanded into…
Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks
Written by: Emily Astranova, Pascal Issa < div class=”block-paragraph_advanced”> Executive Summary AI-powered voice cloning can now mimic human speech with uncanny precision, creating for more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and deepfakes…
APT41 Has Arisen From the DUST
Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore < div class=”block-paragraph_advanced”> Executive Summary In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced persistent…
Scaling Up Malware Analysis with Gemini 1.5 Flash
Written by:Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud SecurityAlex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud SecurityIlfak Guilfanov, author of IDA Pro and CTO, Hex-RaysVijay Bolina, Chief Information Security Officer & Head of Cybersecurity Research,…