
Cyber Threat Intelligence
Understand and proactively protect against threat actors targeting you and your peers.
Latest Threat Intelligence Resources
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29 (Apr 27, 2022 | 10 mins read)
Have Your Cake and Eat it Too? An Overview of UNC2891 (Blog, Mar 16, 2022 | 14 mins read)
Mandiant Intelligence Briefing: Stories Directly From The Frontline (Webinar, Nov 18, 2021 | 1 min read)
INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (Apr 13, 2022 | 15 mins read)
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations (Blog, Mar 23, 2022 | 7 mins read)
Keeping up with CONTI (Report, Mar 18, 2022 | 2 mins read)
INDUSTROYER.V2: Old Malware Learns New Tricks (Blog, Apr 25, 2022 | 14 mins read)
Ukraine Crisis Resource Center
Follow the latest insights, reports, and news from the Mandiant team regarding the ongoing conflict in Ukraine.


Mandiant Advantage Threat Intelligence
Dive deeper into Mandiant's frontline research with access to exclusive reports and more in your Advantage dashboard.
Finished Intelligence
Iran-Linked UNC3313 APT Employed Two Custom Backdoors Against a Middle East Gov Entity
Mandiant Threat Intelligence has been tracking and providing extensive coverage of UNC3313 activity, assessed with moderate confidence to be associated with TEMP.Zagros, to include the group’s malware development of GramDoor and StarWhale payloads. We believe that UNC3313...
Industry Profile: Technology (2022)
Mandiant Threat Intelligence assesses with high confidence that cyber espionage poses a frequent and serious threat to the technology industry. These operations likely target technology organizations to obtain proprietary data that could be used for military or commercial advantage…
Cyber Threat Actors Announce Threats and Attacks Against Critical Infrastructure in Response to Russia/Ukraine Conflict
In response to the Russia/Ukraine conflict, various cyber threat actor groups have been announcing sides and possible threats of action against various parties. Mandiant Threat Intelligence observed some activity with implications for critical infrastructure and operational…
Active Threat Actors
APT41
APT41 is a Chinese state-sponsored espionage group that also conducts financially motivated activity for personal gain. The group has executed multiple supply chain compromises, gaining access to software companies to inject malicious code into legitimate files before distributing updates.
UNC2452
UNC2452 is a sophisticated group that has targeted government and private sector entities worldwide. They have employed numerous unique capabilities, including gaining initial access through a software supply chain vulnerability. The U.S. government attributed the SolarWinds supply chain compromise which we track as UNC2452 to the Russian Foreign Intelligence Service (SVR).
UNC1543
UNC1543 is a financially motivated cluster of activity that distributes FAKEUPDATES, a multi-stage JavaScript dropper that typically masquerades as a browser update. In at least some cases, UNC1543 appears to partner with clients or affiliates who use access obtained by the group to deploy additional malware.

Why Mandiant Threat Intelligence?
Leveraging hundreds of thousands of incident response hours per year and over a thousand years of investigative experience, Mandiant provides relevant and timely reports on the latest cyber threat intelligence trends and topics. These reports eliminate the need to search the web gathering pieces of intelligence as you go, saving you a considerable amount of time.
Protection Guides
Having and understanding the threat intelligence is part of the solution. Making it actionable is critically important. These detailed guides will help you understand the issue and provide recommendations on how to put the threat intelligence into practice.
Proactive Preparation and Hardening to Prevent Against Destructive Attacks
Includes hardening and detection guidance to protect against a destructive attack or other security incident within your environment.
Distributed Denial of Services (DDoS) Protection Recommendations
This guide outlines the different types of DDoS events and the protection recommendations.
Linux Endpoint Hardening to Protect Against Malware and Destructive Attacks
This paper provides recommendations to protect Linux endpoints from adversarial abuse.
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
In December 2020, FireEye uncovered and publicly disclosed a widespread campaign conducted by the threat group we track as UNC2452.
Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening and Containment
Ransomware is a common method of cyber extortion or disruption for financial gain.