Malpedia Library

Click here to download all references as Bib-File.•

2025-04-03 ⋅ Mandiant ⋅ Jacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
SPAWNSNARE

2024-04-17 ⋅ Mandiant ⋅ Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Luke Jenkins, Nick Simonian, Ryan Hall, Tyler McLellan
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Sandworm

2024-04-16 ⋅ Mandiant ⋅ Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm

2024-04-04 ⋅ Mandiant ⋅ Ashley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
UNC3569 UNC5266 UNC5291 UNC5330 UNC5337 UTA0178

2024-01-12 ⋅ Mandiant ⋅ Dimiter Andonov, Gabby Roncone, John Wolfram, Matt Lin, Robert Wallace, Tyler McLellan
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
UTA0178

2023-11-09 ⋅ Mandiant ⋅ Chris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper

2023-08-29 ⋅ Mandiant ⋅ Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
GhostEmperor

2023-08-29 ⋅ Google ⋅ Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
GhostEmperor UNC4841

2023-06-15 ⋅ Google ⋅ Alyssa Glickman, Austin Larsen, Fernando Tomlinson, Jakub Jozwiak, John Palmisano, John Wolfram, Josh Villanueva, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY WHIRLPOOL UNC4841

2023-06-15 ⋅ Mandiant ⋅ Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Matthew McWhirt
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY UNC4841

2023-01-05 ⋅ Mandiant ⋅ Eduardo Mattos, Gabby Roncone, John Wolfram, Sarah Hawley, Tyler McLellan
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY

2022-11-28 ⋅ Mandiant ⋅ Geoff Ackerman, John Wolfram, Ryan Tomcik, Tommy Dacanay
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK UNC4191

2022-04-29 ⋅ Mandiant ⋅ Anders Vejlby, John Wolfram, Nick Simonian, Sarah Hawley, Tyler McLellan
Trello From the Other Side: Tracking APT29 Phishing Campaigns
BEATDROP VaporRage

2022-04-28 ⋅ Mandiant ⋅ Anders Vejlby, John Wolfram, Nick Simonian, Sarah Hawley, Tyler McLellan
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike

2022-03-28 ⋅ Mandiant ⋅ Brandon Wilbur, Dallin Warne, Geoff Ackerman, James Maclachlan, John Wolfram, Tufail Ahmed
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG

2022-03-08 ⋅ Mandiant ⋅ Douglas Bienstock, Geoff Ackerman, John Wolfram, Rufus Brown, Van Ta
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY

2021-09-03 ⋅ FireEye ⋅ Adrian Sanchez Hernandez, Alex Pennino, Andrew Rector, Brendan McKeague, Govand Sinjari, Harris Ansari, John Wolfram, Joshua Goddard, Yash Gupta
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran