Written by: Chuong Dong Overview In our day-to-day work, the FLARE team often encounters malware written in Go that is protected using garble. While recent advancements in Go analysis from tools like IDA Pro have simplified the analysis process, garble…
Tag: Threat Intelligence
Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions
Written by: Joshua Goddard Executive Summary Rosetta 2 is Apple’s translation technology for running x86-64 binaries on Apple Silicon (ARM64) macOS systems. Rosetta 2 translation creates a cache of Ahead-Of-Time (AOT) files that can serve as valuable forensic artifacts. Mandiant…
Phishing Campaigns Targeting Higher Education Institutions
Written by: Ashley Pearson, Ryan Rath, Gabriel Simches, Brian Timberlake, Ryan Magaw, Jessica Wilbur < div class=”block-paragraph_advanced”> Overview Beginning in August 2024, Mandiant observed a notable increase in phishing attacks targeting the education industry, specifically U.S.-based universities. A separate investigation conducted…
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Written by: Dan Black < div class=”block-paragraph_advanced”>Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this emerging operational interest…
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Written by: Dan Black < div class=”block-paragraph_advanced”>Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this emerging operational interest…
Cybercrime: A Multifaceted National Security Threat
< div class=”block-paragraph_advanced”> Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders’ resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed…
Using capa Rules for Android Malware Detection
< div class=”block-paragraph_advanced”> Mobile devices have become the go-to for daily tasks like online banking, healthcare management, and personal photo storage, making them prime targets for malicious actors seeking to exploit valuable information. Bad actors often turn to publishing and…
CVE-2023-6080: A Case Study on Third-Party Installer Abuse
Written By: Jacob Paullus, Daniel McNamara, Jake Rawlins, Steven Karschnia < div class=”block-paragraph_advanced”> Executive Summary Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software’s SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege…
Adversarial Misuse of Generative AI
< div class=”block-paragraph_advanced”> Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our…
Adversarial Misuse of Generative AI
< div class=”block-paragraph_advanced”> Rapid advancements in artificial intelligence (AI) are unlocking new possibilities for the way we work and accelerating innovation in science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our…