Written by: Jake Liefer In the ever-evolving landscape of cybersecurity, staying ahead of threats demands continuous learning and skill development. The NIST NICE framework provides a roadmap, but mastering its extensive tasks, knowledge, and skills (TKSs)…
Category: Threat Intelligence
Scaling Up Malware Analysis with Gemini 1.5 Flash
Written by: Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud Security; Alex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud Security; Ilfak Guilfanov, author of IDA Pro and CTO, Hex-Rays; Vijay Bolina, Chief Information Security Officer & Head of Cybersecurity Research,…
Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO
Written by: John Hultquist As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces…
Global Revival of Hacktivism Requires Increased Vigilance from Defenders
Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors leveraging hacktivist tactics and techniques. This comes decades after…
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
Written by: Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, Alex Marvi Following the discovery of malware residing within ESXi hypervisors in September 2022, Mandiant began investigating numerous intrusions conducted by UNC3886, a suspected…
UNC3944 Targets SaaS Applications
Introduction UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its tactics to include data theft from software-as-a-service…
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals,…
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Introduction Through the course of our incident response engagements and threat intelligence collections, Mandiant has identified a threat campaign targeting Snowflake customer database instances with the intent of data theft and extortion. Snowflake is a multi-cloud data warehousing platform used…
Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
Written by: Michelle Cantos, Jamie Collier Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and…