View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute
Continue ReadingAuthor: Anowar Hossain Rana
Extracting Practical Observations from Impractical Datasets, (Thu, Jan 16th)
[This is a Guest Diary by Curtis Dibble, an ISC intern as part of the SANS.edu BACS [1] program] Figure 1: A heatmap showing the date and frequency a given set of commands input to the honeypot
Continue ReadingHoles in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets
Written by: Mark Swindle While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian's code repository tool, Bitbucket, and leveraged by threat
Continue ReadingIOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders
Written by: Michael Raggi Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain
Continue ReadingRansomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools
Written by: Bavi Sadayappan, Zach Riddle, Jordan Nuce, Joshua Shilko, Jeremy Kennelly A version of this blog post was published to the Mandiant Advantage portal on April 18, 2024. Executive Summary In 2023, Mandiant observed
Continue ReadingPhishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
Written by: Michelle Cantos, Jamie Collier Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism,
Continue ReadingUNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
UPDATE (June 17): We have released our Snowflake threat hunting guide, which contains guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. Default retention policies for the relevant views enable threat
Continue ReadingInsights on Cyber Threats Targeting Users and Enterprises in Brazil
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno Note: A Portuguese-language version of this blog post is available. Individuals and organizations in Brazil face a unique cyber threat landscape because it
Continue ReadingUNC3944 Targets SaaS Applications
Introduction UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider" and has been observed adapting its tactics to include data theft from
Continue ReadingCloaked and Covert: Uncovering UNC3886 Espionage Operations
Written by: Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, Alex Marvi Following the discovery of malware residing within ESXi hypervisors in September 2022, Mandiant began investigating numerous intrusions conducted by UNC3886, a
Continue Reading