Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-05-25MandiantKen Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
@online{proska:20230525:cosmicenergy:bb4b9a9, author = {Ken Proska and Daniel Kapellmann Zafra and Keith Lunden and Corey Hildebrandt and Rushikesh Nandedkar and Nathan Brubaker}, title = {{COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises}}, date = {2023-05-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response}, language = {English}, urldate = {2023-05-26} } COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
LIGHTWORK PIEHOP
2023-03-30MandiantAlden Wahlstrom, Gabby Roncone, Keith Lunden, Daniel Kapellmann Zafra
@online{wahlstrom:20230330:contracts:c4bbb45, author = {Alden Wahlstrom and Gabby Roncone and Keith Lunden and Daniel Kapellmann Zafra}, title = {{Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan}}, date = {2023-03-30}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/cyber-operations-russian-vulkan}, language = {English}, urldate = {2023-03-30} } Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
INCONTROLLER
2023-03-22MandiantDaniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker
@online{zafra:20230322:we:7fad55c, author = {Daniel Kapellmann Zafra and Keith Lunden and Nathan Brubaker}, title = {{We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems}}, date = {2023-03-22}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/hacktivists-targeting-ot-systems}, language = {English}, urldate = {2023-04-22} } We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems
2022-07-26MandiantThibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden
@online{berlaere:20220726:mandiant:c1c4498, author = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden}, title = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}}, date = {2022-07-26}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics}, language = {English}, urldate = {2023-01-19} } Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-04-25MandiantDaniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@online{zafra:20220425:industroyerv2:5548d98, author = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker}, title = {{INDUSTROYER.V2: Old Malware Learns New Tricks}}, date = {2022-04-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks}, language = {English}, urldate = {2022-04-29} } INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-13MandiantNathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell
@online{brubaker:20220413:incontroller:0f05d07, author = {Nathan Brubaker and Keith Lunden and Ken Proska and Muhammad Umair and Daniel Kapellmann Zafra and Corey Hildebrandt and Rob Caldwell}, title = {{INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems}}, date = {2022-04-13}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool}, language = {English}, urldate = {2022-04-15} } INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-01-31MandiantDaniel Kapellmann Zafra, Corey Hidelbrandt, Nathan Brubaker, Keith Lunden
@online{zafra:20220131:1:e0f6f31, author = {Daniel Kapellmann Zafra and Corey Hidelbrandt and Nathan Brubaker and Keith Lunden}, title = {{1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information}}, date = {2022-01-31}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/ransomware-extortion-ot-docs}, language = {English}, urldate = {2022-02-02} } 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
2021-05-25FireEyeKeith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker
@online{lunden:20210525:crimes:6597645, author = {Keith Lunden and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises}}, date = {2021-05-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html}, language = {English}, urldate = {2021-06-16} } Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2020-07-15MandiantNathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555, author = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt}, title = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}}, date = {2020-07-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot}, language = {English}, urldate = {2022-07-28} } Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake