Threat Intelligence
-
Threats
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being…
-
Threats
Abusing Replication: Stealing AD FS Secrets Over the Network
Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching…
-
Breaches
Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where…
-
Threats
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is…
-
Threats
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited…
-
Phishing
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
At least two government-backed actors — including one Russian group — used the now-patched flaws in separate campaigns, Google says.…
-
Breaches
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Ravie LakshmananJan 28, 2026Vulnerability / Threat Intelligence Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially…
-
Breaches
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and Ransomware
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called…
-
Breaches
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
Jan 16, 2026Ravie LakshmananMalvertising / Threat Intelligence The JavaScript (aka JScript) malware loader called GootLoader has been observed using a…
-
Breaches
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.…
- 1
- 2
English
العربية
简体中文
Nederlands
Français
Deutsch
Italiano
Қазақ тілі
Кыргызча
Latviešu valoda
Lietuvių kalba
Português
Русский
Српски језик
Slovenčina
Slovenščina
Español
Türkçe
Українська
O‘zbekcha