2023-07-24 | Mandiant | Austin Larsen, Dan Kelly, Joseph Pisano, Mark Golembiewski, Matt Williams, Paige Godvin
@online{larsen:20230724:north:cce7489,
  author       = {Austin Larsen and Dan Kelly and Joseph Pisano and Mark Golembiewski and Matt Williams and Paige Godvin},
  title        = {{North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack}},
  date         = {2023-07-24},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/north-korea-supply-chain},
  language     = {English},
  urldate      = {2023-07-24},
}
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
FULLHOUSE STRATOFEAR
2023-07-24 | Mandiant | Ryan Serabian, Daniel Kapellmann Zafra, Conor Quigley, David Mainor
@online{serabian:20230724:proprc:500b383,
  author       = {Ryan Serabian and Daniel Kapellmann Zafra and Conor Quigley and David Mainor},
  title        = {{Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.}},
  date         = {2023-07-24},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/pro-prc-haienergy-us-news},
  language     = {English},
  urldate      = {2023-07-31},
}
Pro-PRC HaiEnergy Campaign Exploits U.S. News Outlets via Newswire Services to Target U.S. Audiences; Evidence of Commissioned Protests in Washington, D.C.
2023-07-21 | Mandiant | James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie
@online{nugent:20230721:exploitation:ef4ffa7,
  author       = {James Nugent and Foti Castelan and Doug Bienstock and Justin Moore and Josh Murchie},
  title        = {{Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)}},
  date         = {2023-07-21},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/citrix-zero-day-espionage},
  language     = {English},
  urldate      = {2023-07-31},
}
Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)
2023-07-20 | Mandiant | Mandiant Intelligence
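% Corporate author: the inner braces keep "Mandiant Intelligence" as a single
% name. Without them it is parsed as given name "Mandiant", family name
% "Intelligence". The citation key is left unchanged so existing \cite
% commands still resolve.
@online{intelligence:20230720:killnet:d435c7f,
  author       = {{Mandiant Intelligence}},
  title        = {{KillNet Showcases New Capabilities While Repeating Older Tactics}},
  date         = {2023-07-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/killnet-new-capabilities-older-tactics},
  language     = {English},
  urldate      = {2023-07-31},
}
KillNet Showcases New Capabilities While Repeating Older Tactics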
2023-07-19 | Mandiant | Andrew Oliveau
@online{oliveau:20230719:escalating:3ffa562,
  author       = {Andrew Oliveau},
  title        = {{Escalating Privileges via Third-Party Windows Installers}},
  date         = {2023-07-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers},
  language     = {English},
  urldate      = {2023-07-31},
}
Escalating Privileges via Third-Party Windows Installers
2023-07-18 | Mandiant | Mandiant Intelligence
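% Corporate author: the inner braces keep "Mandiant Intelligence" as a single
% name. Without them it is parsed as given name "Mandiant", family name
% "Intelligence". The citation key is left unchanged so existing \cite
% commands still resolve.
@online{intelligence:20230718:stealth:789e8b1,
  author       = {{Mandiant Intelligence}},
  title        = {{Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection}},
  date         = {2023-07-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/chinese-espionage-tactics},
  language     = {English},
  urldate      = {2023-07-19},
}
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection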
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear
2023-07-12 | Mandiant | Dan Black, Gabby Roncone
@online{black:20230712:grus:7a7b81d,
  author       = {Dan Black and Gabby Roncone},
  title        = {{The GRU's Disruptive Playbook}},
  date         = {2023-07-12},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-disruptive-playbook},
  language     = {English},
  urldate      = {2023-07-13},
}
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2
2023-07-11 | Mandiant | Rommel Joven, Ng Choon Kiat
@online{joven:20230711:spies:5594cd9,
  author       = {Rommel Joven and Ng Choon Kiat},
  title        = {{The Spies Who Loved You: Infected USB Drives to Steal Secrets}},
  date         = {2023-07-11},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/infected-usb-steal-secrets},
  language     = {English},
  urldate      = {2023-07-31},
}
The Spies Who Loved You: Infected USB Drives to Steal Secrets
PlugX
2023-07-10 | Mandiant | Matthew McWhirt, Thirumalai Natarajan Muthiah, Phil Pearce, Jennifer Guzzetta
% NOTE(review): this URL uses /blog/resources/ where the other Mandiant URLs
% on this page use /resources/blog/. Confirm the link resolves before citing.
@online{mcwhirt:20230710:defend:9fcdf9f,
  author       = {Matthew McWhirt and Thirumalai Natarajan Muthiah and Phil Pearce and Jennifer Guzzetta},
  title        = {{Defend Against the Latest Active Directory Certificate Services Threats}},
  date         = {2023-07-10},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/blog/resources/defend-ad-cs-threats},
  language     = {English},
  urldate      = {2023-07-31},
}
Defend Against the Latest Active Directory Certificate Services Threats
2023-06-28 | Mandiant | Alexander Marvi, Greg Blaum, Ron Craft
@online{marvi:20230628:detection:4a20fad,
  author       = {Alexander Marvi and Greg Blaum and Ron Craft},
  title        = {{Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts}},
  date         = {2023-06-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/vmware-detection-containment-hardening},
  language     = {English},
  urldate      = {2023-07-31},
}
Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts
2023-06-15 | Mandiant | Austin Larsen, John Palmisano, Mathew Potaczek, John Wolfram, Matthew McWhirt
@online{larsen:20230615:barracuda:f81b131,
  author       = {Austin Larsen and John Palmisano and Mathew Potaczek and John Wolfram and Matthew McWhirt},
  title        = {{Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China}},
  date         = {2023-06-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally},
  language     = {English},
  urldate      = {2023-06-19},
}
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY
2023-06-13 | Mandiant | Alexander Marvi, BRAD SLAYBAUGH, Ron Craft, Rufus Brown
@online{marvi:20230613:vmware:ab644e2,
  author       = {Alexander Marvi and BRAD SLAYBAUGH and Ron Craft and Rufus Brown},
  title        = {{VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors (UNC3886)}},
  date         = {2023-06-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass},
  language     = {English},
  urldate      = {2023-07-31},
}
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors (UNC3886)
2023-06-02 | Mandiant | Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, DAN NUTTING, Kimberly Goody, Justin Moore, JOE PISANO, Zander Work, PETER UKHANOV, Juraj Sucik, WILL SILVERSTONE, ZACH SCHRAMM, Greg Blaum, OLLIE STYLES, NICHOLAS BENNETT, Josh Murchie
@online{zaveri:20230602:zeroday:a5ec238,
  author       = {Nader Zaveri and Jeremy Kennelly and Genevieve Stark and Matthew McWhirt and DAN NUTTING and Kimberly Goody and Justin Moore and JOE PISANO and Zander Work and PETER UKHANOV and Juraj Sucik and WILL SILVERSTONE and ZACH SCHRAMM and Greg Blaum and OLLIE STYLES and NICHOLAS BENNETT and Josh Murchie},
  title        = {{Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft}},
  date         = {2023-06-02},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft},
  language     = {English},
  urldate      = {2023-07-31},
}
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
2023-05-25 | Mandiant | Ken Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker
@online{proska:20230525:cosmicenergy:bb4b9a9,
  author       = {Ken Proska and Daniel Kapellmann Zafra and Keith Lunden and Corey Hildebrandt and Rushikesh Nandedkar and Nathan Brubaker},
  title        = {{COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises}},
  date         = {2023-05-25},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response},
  language     = {English},
  urldate      = {2023-05-26},
}
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
LIGHTWORK PIEHOP
2023-04-20 | Mandiant | JEFF JOHNSON, Fred Plan, ADRIAN SANCHEZ, RENATO FONTANA, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, DANIEL SCOTT
@online{johnson:20230420:3cx:9ef2c90,
  author       = {JEFF JOHNSON and Fred Plan and ADRIAN SANCHEZ and RENATO FONTANA and Jake Nicastro and Dimiter Andonov and Marius Fodoreanu and DANIEL SCOTT},
  title        = {{3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible}},
  date         = {2023-04-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise},
  language     = {English},
  urldate      = {2023-04-25},
}
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
POOLRAT IconicStealer
2023-04-18 | Mandiant | Mandiant
@online{mandiant:20230418:mtrends:af1a28e,
  author       = {Mandiant},
  title        = {{M-Trends 2023}},
  date         = {2023-04-18},
  organization = {Mandiant},
  url          = {https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023},
  language     = {English},
  urldate      = {2023-04-18},
}
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-13 | YouTube (The Korea Society) | Jean Lee, Michael Barnhart, Mandiant
@online{lee:20230413:north:d400059,
  author       = {Jean Lee and Michael Barnhart and Mandiant},
  title        = {{The North Korean Cyber Threat}},
  date         = {2023-04-13},
  organization = {YouTube (The Korea Society)},
  url          = {https://www.youtube.com/watch?v=hFQvn0ig-Ic},
  language     = {English},
  urldate      = {2023-04-22},
}
The North Korean Cyber Threat
2023-04-03 | Mandiant | JASON DEYALSINGH, NICK SMITH, Eduardo Mattos, Tyler McLellan, Nick Richard
@online{deyalsingh:20230403:alphv:04f0dfa,
  author       = {JASON DEYALSINGH and NICK SMITH and Eduardo Mattos and Tyler McLellan and Nick Richard},
  title        = {{ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access}},
  date         = {2023-04-03},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/alphv-ransomware-backup},
  language     = {English},
  urldate      = {2023-04-22},
}
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
LaZagne BlackCat MimiKatz
2023-03-30 | Mandiant | Alden Wahlstrom, Gabby Roncone, Keith Lunden, Daniel Kapellmann Zafra
@online{wahlstrom:20230330:contracts:c4bbb45,
  author       = {Alden Wahlstrom and Gabby Roncone and Keith Lunden and Daniel Kapellmann Zafra},
  title        = {{Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan}},
  date         = {2023-03-30},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/cyber-operations-russian-vulkan},
  language     = {English},
  urldate      = {2023-03-30},
}
Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
INCONTROLLER
2023-03-28 | Mandiant | Fred Plan, Van Ta, Michael Barnhart, Jeffery Johnson, Dan Perez, JOE DOBSON
@online{plan:20230328:apt43:878de2c,
  author       = {Fred Plan and Van Ta and Michael Barnhart and Jeffery Johnson and Dan Perez and JOE DOBSON},
  title        = {{APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations}},
  date         = {2023-03-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage},
  language     = {English},
  urldate      = {2023-08-11},
}
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations