Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
Cloaked and Covert: Uncovering UNC3886 Espionage Operations
2024-04-19YouTube (Decipher)Dan Black, Gabby Roncone, Lindsey O’Donnell-Welch
A Decade of Sandworm: Digging into APT44’s Past and Future With Mandiant
2024-04-16MandiantAlden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-04-04MandiantAshley Pearson, Austin Larsen, Billy Wong, John Wolfram, Joseph Pisano, Josh Murchie, Lukasz Lamparski, Matt Lin, Ron Craft, Ryan Hall, Shawn Chew, Tyler McLellan
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies
2024-02-27MandiantChen Evgi, Jonathan Leathery, Ofir Rozmann
When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors
2024-01-30MandiantDiana Ion, Jae Young Kim, Muhammad Umair, Panagiotis Antoniou, Yash Gupta
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
QUIETBOARD Vetta Loader UNC4990
Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
2024-01-12MandiantDimiter Andonov, Gabby Roncone, John Wolfram, Matt Lin, Robert Wallace, Tyler McLellan
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
2023-12-14MandiantAdrian McCabe, Geoff Ackerman, Rufus Brown, Ryan Tomcik
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors
DanaBot DarkGate
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
2023-10-10MandiantAdrian Hernandez, Austin Larsen, JEFF JOHNSON, Michael Barnhart, Michelle Cantos, Taylor Long
Assessed Cyber Structure and Alignments of North Korea in 2023
2023-09-22MandiantDan Black, Josh Atkins, Luke Jenkins
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29)
2023-07-24MandiantConor Quigley, Daniel Kapellmann Zafra, David Mainor, Ryan Serabian
Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.
2023-07-24MandiantAustin Larsen, Dan Kelly, Joseph Pisano, Mark Golembiewski, Matt Williams, Paige Godvin
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
2023-07-21MandiantDoug Bienstock, Foti Castelan, James Nugent, Josh Murchie, Justin Moore
Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)
2023-07-20MandiantMandiant Intelligence
KillNet Showcases New Capabilities While Repeating Older Tactics
BlueHornet Zarya
2023-07-19MandiantAndrew Oliveau
Escalating Privileges via Third-Party Windows Installers
2023-07-18MandiantMandiant Intelligence
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear
2023-07-12MandiantDan Black, Gabby Roncone
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet
2023-07-11MandiantNg Choon Kiat, Rommel Joven
The Spies Who Loved You: Infected USB Drives to Steal Secrets