Written by: Aurora Blum, Kelli Vanderlee Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions
Continue ReadingCategory: Google Cloud Threat Intelligence
DeFied Expectations — Examining Web3 Heists
Written by: Robert Wallace, Blas Kojusner, Joseph Dobson Where money goes, crime follows. The rapid growth of Web3 has presented new opportunities for threat actors, especially in decentralized finance (DeFi), where the heists are larger and
Continue ReadingA Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Adrian McCabe, Ryan Tomcik, Stephen Clement Introduction Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to deliver relevant
Continue ReadingI Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Written by: Ofir Rozmann, Asli Koksal, Sarah Bock Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security
Continue ReadingEmboldened and Evolving: A Snapshot of Cyber Threats Facing NATO
Written by: John Hultquist As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance
Continue ReadingPEAKLIGHT: Decoding the Stealthy Memory-Only Malware
Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT.
Continue Reading“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
Written by: Nick McClendon, Daniel McNamara, Jacob Paullus Executive Summary Mandiant disclosed this vulnerability to Microsoft via the Microsoft Security Response Center (MSRC) vulnerability disclosure program, and Microsoft has fixed the underlying issue. An attacker
Continue ReadingHacking Beyond.com — Enumerating Private TLDs
Written by: Idan Ron Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL
Continue ReadingUNC4393 Goes Gently into the SILENTNIGHT
Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong Overview In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware
Continue ReadingAPT45: North Korea’s Digital Military Machine
Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart Executive Summary APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45
Continue Reading