Threat Intelligence
-
Threats
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Mandiant has observed an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability prior to a patch being…
-
Threats
Abusing Replication: Stealing AD FS Secrets Over the Network
Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching…
-
Breaches
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability
Mar 08, 2024NewsroomVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security…
-
Threats
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is…
-
Threats
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security (ES) product that were being exploited…
-
Phishing
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
At least two government-backed actors — including one Russian group — used the now-patched flaws in separate campaigns, Google says.…