Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-07-24MandiantRyan Serabian, Daniel Kapellmann Zafra, Conor Quigley, David Mainor
@online{serabian:20230724:proprc:500b383, author = {Ryan Serabian and Daniel Kapellmann Zafra and Conor Quigley and David Mainor}, title = {{Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.}}, date = {2023-07-24}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/pro-prc-haienergy-us-news}, language = {English}, urldate = {2023-07-31} } Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.
2023-05-25MandiantKen Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
@online{proska:20230525:cosmicenergy:bb4b9a9, author = {Ken Proska and Daniel Kapellmann Zafra and Keith Lunden and Corey Hildebrandt and Rushikesh Nandedkar and Nathan Brubaker}, title = {{COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises}}, date = {2023-05-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response}, language = {English}, urldate = {2023-05-26} } COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
LIGHTWORK PIEHOP
2023-03-30MandiantAlden Wahlstrom, Gabby Roncone, Keith Lunden, Daniel Kapellmann Zafra
@online{wahlstrom:20230330:contracts:c4bbb45, author = {Alden Wahlstrom and Gabby Roncone and Keith Lunden and Daniel Kapellmann Zafra}, title = {{Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan}}, date = {2023-03-30}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/cyber-operations-russian-vulkan}, language = {English}, urldate = {2023-03-30} } Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
INCONTROLLER
2023-03-22MandiantDaniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker
@online{zafra:20230322:we:7fad55c, author = {Daniel Kapellmann Zafra and Keith Lunden and Nathan Brubaker}, title = {{We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems}}, date = {2023-03-22}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems}, language = {English}, urldate = {2023-04-22} } We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems
2022-08-04MandiantRyan Serabian, Daniel Kapellmann Zafra
@online{serabian:20220804:proprc:2b0de36, author = {Ryan Serabian and Daniel Kapellmann Zafra}, title = {{Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites}}, date = {2022-08-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/pro-prc-information-operations-campaign-haienergy}, language = {English}, urldate = {2022-08-11} } Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-07-26MandiantThibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden
@online{berlaere:20220726:mandiant:c1c4498, author = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden}, title = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}}, date = {2022-07-26}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics}, language = {English}, urldate = {2023-01-19} } Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-04-25MandiantDaniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@online{zafra:20220425:industroyerv2:5548d98, author = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker}, title = {{INDUSTROYER.V2: Old Malware Learns New Tricks}}, date = {2022-04-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks}, language = {English}, urldate = {2022-04-29} } INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-13MandiantNathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell
@online{brubaker:20220413:incontroller:0f05d07, author = {Nathan Brubaker and Keith Lunden and Ken Proska and Muhammad Umair and Daniel Kapellmann Zafra and Corey Hildebrandt and Rob Caldwell}, title = {{INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems}}, date = {2022-04-13}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool}, language = {English}, urldate = {2022-04-15} } INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-01-31MandiantDaniel Kapellmann Zafra, Corey Hidelbrandt, Nathan Brubaker, Keith Lunden
@online{zafra:20220131:1:e0f6f31, author = {Daniel Kapellmann Zafra and Corey Hidelbrandt and Nathan Brubaker and Keith Lunden}, title = {{1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information}}, date = {2022-01-31}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/ransomware-extortion-ot-docs}, language = {English}, urldate = {2022-02-02} } 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
2021-11-18MandiantChris Sistrunk, Ken Proska, Glen Chason, Daniel Kapellmann
@online{sistrunk:20211118:introducing:5f08e41, author = {Chris Sistrunk and Ken Proska and Glen Chason and Daniel Kapellmann}, title = {{Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems}}, date = {2021-11-18}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mandiant-dfir-framework-ot}, language = {English}, urldate = {2021-11-19} } Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems
2021-10-27MandiantKen Proska, Corey Hildebrandt, Daniel Kapellmann Zafra, Nathan Brubaker
@online{proska:20211027:portable:437b9c1, author = {Ken Proska and Corey Hildebrandt and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Portable Executable File Infecting Malware Is Increasingly Found in OT Networks}}, date = {2021-10-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/pe-file-infecting-malware-ot}, language = {English}, urldate = {2021-11-08} } Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-05-25FireEyeKeith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker
@online{lunden:20210525:crimes:6597645, author = {Keith Lunden and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises}}, date = {2021-05-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html}, language = {English}, urldate = {2021-06-16} } Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2020-07-15MandiantNathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555, author = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt}, title = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}}, date = {2020-07-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot}, language = {English}, urldate = {2022-07-28} } Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake