On January 3, 2024, Mandiant’s X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. Working with X, we were able to regain control of the account and, based on our…
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
Earlier this year, Mandiant’s Managed Defense threat hunting team identified a UNC2975 malicious advertising (“malvertising”) campaign promoting malicious websites themed around unclaimed funds. This campaign dates back to at least June 19, 2023, and has abused search engine traffic and…
The Defender’s Advantage Cyber Snapshot, Issue 5 — Insiders, Applications, and Mitigating Risk
The Defender’s Advantage Cyber Snapshot report provides insights into cyber defense topics of growing importance based on Mandiant frontline observations and real-world experiences. The fifth edition covers a wide range of topics, including the ideology and landscape of insider threats,…
FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables
The evolving landscape of software development has introduced new programming languages like Go and Rust. Binaries compiled from these languages work differently from classic (C/C++) programs and challenge many conventional analysis tools. To support the static analysis of Go and…
Improving FLARE’s Malware Analysis Tools at Google Summer of Code 2023
This summer marked the FLARE team’s first year participating in Google Summer of Code (GSoC). GSoC is a global online mentoring program focused on introducing new contributors to open source software development. GSoC contributors work with mentors to complete 12+ week…
Insider Threat: Hunting and Detecting
The insider threat is a multifaceted challenge that represents a significant cybersecurity risk to organizations today. Some are malicious insiders such as employees looking to steal data or sabotage the organization. Some are unintentional insiders such as employees who make…
The CTI Process Hyperloop: A Practical Implementation of the CTI Process Lifecycle
Implementing the CTI Process Lifecycle as a Hyperloop The Intelligence Hyperloop is an implementation model for the Cyber Threat Intelligence (CTI) Process Lifecycle. The lifecycle is a well-established process describing how intelligence products are driven by planning & direction initially,…
Flare-On 10 Challenge Solutions
Our goal this year was to make the most difficult Flare-On challenge we’ve ever produced to celebrate a full decade of contests. At the time of this writing, there were 219 Flare-On finishers out of 4,767 registered users, which makes…
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control…